Link to home
Create AccountLog in
Avatar of Manuel
ManuelFlag for United States of America

asked on

ALLOWING SSH ACCESS INTO INTERNAL DEVICE

Hi,

The current Network looks like this>>>>

       PIX --------- Server 1
        |    --------- Server 2
        |
        |
    Switch 1 ------------ Multiple Hosts
                 ------------ Host AS500

Currently the PIX has static statements and access-list which allow SSH from the outside into Server 1 and Server 2. When one tries to ssh into 216.X.X.A which is the public IP on the PIX. The PIX sends you too Server 1. When you SSH into 216.X.X.B. The PIX sends you too Server 2. What I need is the PIX to allow SSH into another host which is located behind the PIX using SSH. How can I set this up?

Thank You,
vreyesii
   
Avatar of rsivanandan
rsivanandan
Flag of India image

Victor,

  Not clear! You want to add another static entry so that from OUTSIDE you can send ssh to another host?

Can you put up the respective zones as well ?

Cheers,
Rajesh
SOLUTION
Avatar of giltjr
giltjr
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Manuel

ASKER

The host named AS500 is the host which I want to direct SSH request.

vreyesii
Server 2 is also behind the PIX is it not?

Do you have any spare external IP addresses left?
Seriously I still didn't get the question, he has it in his mind but we don't :-(

Cheers,
Rajesh
Avatar of Manuel

ASKER

Yes Server 2 is behind the PIX. I do not have anymore external IP address left, and I wouldn't like to get more right now. I am trying to avoid that. I am trying to allow access to the AS500 host using SSH which is located behind the PIX. The AS500 host is a router.

vreyesii
Temporarily, as suggested above, ssh on to server 2. then ssh from there using the internal IP of the AS500
Avatar of Manuel

ASKER

So there is no way I can change the port number for SSH between the PIX and the AS500 router to keep using the existing external IP?

vreyesii
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
hehehe. I'll leave it to you Rajesh, I can feel a nap coming on :)
Hey C'mon Keith, it is 12:00 in the night here and I still type so you shouldn't sleep now :-)

Cheers,
Rajesh
No, I meant from THIS question lol :)
:-)

Cheers,
Rajesh
Avatar of Manuel

ASKER

Thanks for the help I got it working.

vreyesii