Campus allow ssh/https through pix.SOS

gopal_prestel
Level 1

Hi guys,

I'm working on a campus network. We just got the network up and a PIX 535 has been installed. According to my knowledge, the PIX will allow all traffic from high-security interfaces to low-security interfaces, and I know that's the truth.

My issue is very simple: I would like to allow SSH/HTTPS traffic to pass through the PIX from the inside interfaces. I shouldn't be having any problem with that, but I guess I'm getting stuck somewhere. There is an HP server right in front of the PIX, attached to the outside interface of the PIX, and I'm not able to SSH to that machine. I have allowed HTTPS and SSH from the outside interface and I'm getting my hit counts, so I'm presuming I have no problem there. The campus network has public IPs spread across the campus, and the PIX has only one interface, the inside interface, with a public IP, just acting as a gateway for all incoming public IPs, and it is doing identity NAT for all traffic.

I'm posting my running config; please feel free to comment.

Shukky

India

4 Replies

mostiguy
Level 6

What is the ip address of the hp box running ssh? What is the ip address of the host you are attempting to ssh from? Knowing that, we would have a better idea of whether your nat rules are ok.

Hi,

My PIX's outside interface IP is 172.16.1.1 and the HP machine's IP is 172.16.1.2, and I'm trying to SSH from a public-IP machine from inside the campus via the inside interface of the PIX.

The PIX is not doing any xlation for any IP.

Shukky

India

Hello Shukky,

When doing any data transfer from the inside to the outside, you just need to check the NAT rules. I notice that you have a default NAT rule to no-NAT the traffic. There are also no ACLs associated with the inside interface, which means your config is right. Are you sure that the routing is fine? Are you able to ping the HP server from the client PC? Also, make sure you are able to SSH from the outside subnet to the server.

Raj
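
One way to run the checks suggested in the reply above from the PIX itself, shown as an added example that is not part of the original thread or anyone's posted config. It assumes PIX OS 6.2/6.3 command syntax (where the `capture` command is available); `192.0.2.10` is a constructed placeholder for the campus client, and the names `cap_flow`, `cap_in` and `cap_out` are hypothetical.

```cisco
! Lines starting with "!" are annotations, not commands.
! 172.16.1.2 is the HP server from the thread; 192.0.2.10 is a placeholder client.

! 1. ACL used only to select packets for capture (not bound to any interface).
!    Both directions are listed so the server's replies are captured too.
access-list cap_flow permit tcp host 192.0.2.10 host 172.16.1.2 eq 22
access-list cap_flow permit tcp host 172.16.1.2 eq 22 host 192.0.2.10
access-list cap_flow permit tcp host 192.0.2.10 host 172.16.1.2 eq 443
access-list cap_flow permit tcp host 172.16.1.2 eq 443 host 192.0.2.10

! 2. Capture the same flow on both sides of the firewall.
capture cap_in access-list cap_flow interface inside
capture cap_out access-list cap_flow interface outside

! 3. Start an SSH attempt from the client, then compare the two captures
!    and look at connection, translation and routing state.
show capture cap_in
show capture cap_out
show conn foreign 172.16.1.2
show xlate
show route

! How to read the result:
!   nothing in cap_in                 -> traffic never reaches the PIX (campus routing)
!   SYN in cap_in, absent in cap_out  -> the PIX dropped it (NAT rule or ACL)
!   SYN in cap_out, no SYN-ACK back   -> server-side issue: sshd not listening,
!                                        host filtering, or no return route from
!                                        172.16.1.2 to the campus public range
!   SYN-ACK in cap_out and cap_in     -> PIX is passing the flow; look at the client

! 4. Remove the captures and the capture ACL when finished.
no capture cap_in
no capture cap_out
no access-list cap_flow
```

Because the PIX is doing identity NAT, the server sees the client's real public address, so the third case (a missing return route on the server toward the campus range via 172.16.1.1) is worth ruling out alongside the NAT and ACL checks.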

froggy3132000
Level 3

You need to add ssh access to the internal interface.

ssh interface