Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1334
  • Last Modified:

SSH and PIX 515

I am trying to figure out how to give access to outside vendors to inside servers through SSH. I have been able to coonct to the PIX using SSH but how do I configure the PIX to allow outside clients to get to inside resouses using SSH?
0
trath
Asked:
trath
  • 2
1 Solution
 
sprestonCommented:
If you're trying to give outside folks access to your servers and such inside the firewall, you will need to add a static translation to your NAT table, giving those internal devices external IPs.  Once the internal device is reachable by the outside world, you'll then set your rules.  You'll want to allow SSH (preferably only from specific IPs) and disallow all else, to maintain the highest level of security possible.

Shawn

Shawn Preston, CISSP
Founder, SecureThinking
www.securethinking.net

"Where Information Security Evolves"
0
 
trathAuthor Commented:
I am looking for the exact commands on how to do a static traslation on a PIX. I appreciate yuor help
0
 
lrmooreCommented:
Assuming that you have a pool of IP addresses to choose from, make sure that the static global addresses are removed from the nat pool. We'd have to see your complete config to make many more detailed recommendations:

PIX#config t
PIX(config)# static (inside,outside)<global ip> <local ip> netmask 255.255.255.255
0
 
lrmooreCommented:
You also have to allow ssh access from the outside interface

PIX(config)#ssh 0.0.0.0 0.0.0.0 outside
or limit to specific IP addresses
PIX(config)#ssh 134.45.67.8 255.255.255.255 outside
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now