Re: SSH access to internal server

rmataconis · ‎01-11-2007

Hi, I have an outside client who needs ssh access to an internal sevrer on my LAN. ON my PIX, I've: added a conduit permit statement allowing his outside address inside to the server. Also a static (insie outside) statement giving my interanl server a public address.

What else do I need to do? He still cannot ssh inside. thx.

5220 · ‎01-11-2007

Hi,

Please be aware of the pre-nat/post-nat ip you permitted in the conduit. This always confused me.

Just in case add an outbound statement for the return traffic.

And of course, upgrade to 6.3 and use ACL instead :)

Please rate if this helped.

Regards,

Daniel

Collin Clark · ‎01-12-2007

Did you do a full NAT or a port translation? Please post your statics and outside ACL statement for the SSH access.

scot.henry · ‎01-19-2007

I am having the same problem. I had a Cisco tech configure the PIX to allow SSH traffic, but the response from the SSH server was not passing out of the firewall. Internally, the SSH server responds fine from an SSH client. Any suggestions?

Jon Marshall · ‎01-19-2007

Hi

Have you done any debugging to see where the packet is getting to. What is the default gateway of your ssh server and if it isn't the pix does the ssh server know the route back to the outside client address.

HTH