
Secure communication between 2 Solaris Via PIX

srowles (Level 1)

Hi

I have a scenario with 2 Solaris boxes (one on the inside and one on the outside) attached to a PIX. I am looking to secure a portion of the traffic between the two Solaris machines, irrespective of which one initiates the connection and without manual intervention.

I have been looking at the Cisco VPN client for this, but it looks like this will not be a very elegant solution: firstly, the "Auto-Initialisation" feature does not work with the Solaris client, and also the Solaris machines would both, in effect, be initiators of VPN tunnels and also terminators (at times I would require that the PIX initiates a VPN connection to the VPN client as a result of traffic destined for the client; I'm pretty sure I can't do this).

Any suggestions would be appreciated. Thanks in advance.

3 Replies

Patrick Iseli (Level 7)

How about an SSH tunnel from the outside to the inside? Both SUN boxes have SSH implemented and could even use the port-forwarding feature to tunnel other protocols. And finally, one should not forget all the scripting features that could be used.

SSH-Public = NAT address, public IP, of the inside SUN host
SSH-LAN = real (inside) IP of the same SUN host

PIX(config)# static (inside,outside) SSH-Public SSH-LAN netmask 255.255.255.255 0 0

PIX(config)# access-list acl-outside permit tcp host SunOutsideHost host SSH-Public eq 22

PIX(config)# access-group acl-outside in interface outside

Check the SUN Whitepapers for the SSH implementation:

Configure SSH

http://www.sun.com/bigadmin/features/articles/sec_shell_1.html

Deployment and Installation

http://www.sun.com/blueprints/0701/openSSH.pdf

sincerely

Patrick

Hi Patrick

Thanks for the information. It has certainly given me something to think about. I am now also looking at the possibility of a GRE tunnel, as my problem is not specifically one of security but more of finding a solution to avoid opening many ports on a firewall. I'm therefore looking for a suitable tunneling solution. Unfortunately I'm not a Unix person at all, and I am trying to help someone else out with this problem from the perspective of being a Cisco bod.

SSH uses an encrypted tunnel, like GRE!

SSH supports xDES, AES, Blowfish, ...

sincerely

Patrick
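As an added worked example (not code from this thread, nor from Cisco or Sun), here is the client-side counterpart to Patrick's PIX configuration above and to the "avoid opening many ports" goal in the follow-up: a Bourne shell script for the outside Solaris host that keeps one SSH session up to the inside host's NAT address (the post's SSH-Public) and carries application traffic in both directions over it with -L and -R port forwards. The address 192.0.2.10, the account name `tunnel`, the key path and the port numbers 1521 and 5555 are placeholders chosen for the example; it assumes an OpenSSH client, and the ExitOnForwardFailure / ServerAliveInterval options and the bind-address form of -L/-R need a reasonably recent OpenSSH build, so check the one installed on the Solaris box.

```shell
#!/bin/sh
# Added example, not from the original thread: a persistent SSH tunnel from the
# outside Solaris host to the inside one. Only TCP/22 has to be opened on the
# PIX (the access-list line in the thread), yet EITHER host can initiate
# application traffic:
#   -L  outside host connects to 127.0.0.1:port  -> service on the inside host
#   -R  inside host connects to 127.0.0.1:port   -> service on the outside host
# The TCP session itself always runs outside -> inside, which is the only
# direction the PIX allows, so the PIX never has to "initiate" anything.
#
# Assumptions (all hypothetical, not from the thread):
#   SSH_PUBLIC   PIX static NAT address of the inside host (192.0.2.10 is TEST-NET)
#   TUNNEL_USER  unprivileged account on the inside host that holds the tunnel key
#   TUNNEL_KEY   passphrase-less key used only for this tunnel
SSH_PUBLIC="${SSH_PUBLIC:-192.0.2.10}"
TUNNEL_USER="${TUNNEL_USER:-tunnel}"
TUNNEL_KEY="${TUNNEL_KEY:-$HOME/.ssh/tunnel_key}"

# Forward table, one entry per line: "<L|R> <listen port> <target host> <target port>".
# Ports below are made up for the example; 1521 stands for an inside service the
# outside host must reach, 5555 for an outside service the inside host must reach.
FORWARDS='
L 1521 127.0.0.1 1521
R 5555 127.0.0.1 5555
'

# Turn FORWARDS into ssh -L/-R arguments. Every listener is bound to loopback so
# the tunnel endpoints are not reachable from other machines on either LAN.
build_forward_args() {
    printf '%s\n' "$FORWARDS" | while read -r dir port host tport; do
        [ -z "$dir" ] && continue
        printf ' -%s 127.0.0.1:%s:%s:%s' "$dir" "$port" "$host" "$tport"
    done
}

# The complete ssh command line, returned as a string so it can be inspected.
#   -N                      no remote command, forwards only
#   BatchMode=yes           never prompt (we run unattended)
#   ExitOnForwardFailure    if a -R port is still held by a stale session, exit
#                           instead of running half a tunnel; the loop retries
#   ServerAlive*            notice a dead link (or a PIX idle timeout) within ~90 s
build_tunnel_cmd() {
    printf 'ssh -N -i %s -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3%s %s@%s' \
        "$TUNNEL_KEY" "$(build_forward_args)" "$TUNNEL_USER" "$SSH_PUBLIC"
}

# Keep the tunnel up without manual intervention: whenever ssh exits (link flap,
# idle timeout, reboot of the far end) wait briefly and reconnect.
run_tunnel() {
    while :; do
        eval "$(build_tunnel_cmd)"
        sleep 10
    done
}

# authorized_keys line to install for TUNNEL_USER on the inside host. The key
# gets no pty, no agent or X11 forwarding, a forced command that fails if
# anyone tries an interactive login, and permitopen limits -L targets to the
# one service the outside host is meant to reach.
authorized_keys_line() {
    pubkey="$1"
    printf 'no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="127.0.0.1:1521",command="/bin/false" %s\n' "$pubkey"
}

case "${1:-}" in
    show) build_tunnel_cmd; echo ;;
    keys) authorized_keys_line "$(cat "$TUNNEL_KEY.pub")" ;;
    run)  run_tunnel ;;
    *)    echo "usage: $0 show|keys|run" >&2 ;;
esac
```

Run `keys` once and paste the output into the inside host's authorized_keys for the tunnel account (the permitopen list must name exactly the -L targets, or ExitOnForwardFailure will make ssh quit), then start `run` from inittab or an rc script on the outside host so the tunnel comes back on its own after a reboot or a dropped link. Applications on the outside host then talk to 127.0.0.1:1521, applications on the inside host to 127.0.0.1:5555, and nothing but port 22 crosses the PIX.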
