ssh to PIX outside interface (DHCP)

guwb · ‎12-08-2005

I have setup a PIX connect to the Internet using a dynamic IP. And I have enable the appropriate IP to access the PIX from outside. But I cannot access the PIX using ssh from outside.

I enable debug ssh on the PIX, but only see something like

TCP connect allowed from outside IP to interface IP/ssh.

And PDM, PPTP all have the problem.

Anyone has this problem?

Patrick Iseli · ‎12-08-2005

Have you created a certificate for ssh on the PIX ?

Check the ssh key:

show ca mypubkey rsa

Generate a key:

hostname cisco-pix

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

Save ssh key:

ca save all

Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

sincerely

Patrick

jackko · ‎12-08-2005

you mentioned "dynamic ip", just wondering if you are referring to the pix will negotiate the public ip from the isp after a certain time period. assuming the public ip keeps changing, then remote management would not be feasible with pix.

if it is a router, configuring "dynamic dns" will resolve this issue. unfortunately, i don't think pix support ddns yet.

Patrick Iseli · ‎12-09-2005

You may use a Dynamic DNS service, generaly this service is free. This service updates all IP changes to the hostname and whenever the IP changes the DNS name change too !

Details:

This is the No-IP.com Dynamic DNS update client page. We offer these clients for you to download free of charge. The clients are available for Linux/Unix, MacOS, and Windows.

When configured correctly, the client will check your IP address at a given time interval checking to see if your IP has changed. If your IP address has changed it will notify our dns servers and update the IP corresponding to your No-IP/No-IP+ hostname.

http://www.no-ip.com/downloads.php

sincerely

Patrick

guwb · ‎12-09-2005

I found the problem. It is the india ISP who use 24online service that may cause the problem.