ejefferson213

Cisco PIX 501 won't allow SSH

Our non-profit has a small network of clients that use our access to the Internet and we use the PIX to segregate their network from ours.  All is working except I cannot SSH into the PIX device.  I believe the necessary statements are in place but I can't log into it. (PuTTY) SSH rejects my login but I'm certain I'm using the correct username and password.  I can't see anything in my log either that would point out the problem; perhaps the logging isn't set up correctly either. Any suggestions would be most helpful as I've spent a lot of time looking at the configuration and Internet postings.  I'm trying to SSH in from a PC on the 172.16.2.x network (directly attached to the PIX outside network.) Thank you.
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aDU/SenosGi/7GR2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Ph1ier
domain-name xxx
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 172.16.3.0 ComputerCenter
name 172.16.5.0 VineStreet
name 172.16.2.0 Vonlouhr
name 172.16.4.0 IntakeOffice
name 172.16.6.0 HaddOffice
name 1.1.1.1 Internet
name 172.16.2.3 Sulley
name 192.168.1.6 AP
name 172.16.2.18 gateway
object-group network AA
  network-object VineStreet 255.255.255.0
  network-object ComputerCenter 255.255.255.0
  network-object IntakeOffice 255.255.255.0
  network-object HaddOffice 255.255.255.0
  network-object Vonlouhr 255.255.255.0
object-group network AllowedACHA
  network-object Sulley 255.255.255.255
access-list inside_access_in permit icmp any host 172.16.2.1
access-list inside_access_in permit ip any host 172.16.2.1
access-list inside_access_in permit ip any host Sulley
access-list inside_access_in deny ip any object-group AA
access-list inside_access_in permit ip any any
access-list outside_access permit ip any object-group AA
pager lines 24
logging timestamp
logging console debugging
logging buffered debugging
logging history debugging
mtu outside 1500
mtu inside 1500
ip address outside 172.16.2.12 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location Vonlouhr 255.255.255.0 outside
pdm location ComputerCenter 255.255.255.0 outside
pdm location IntakeOffice 255.255.255.0 outside
pdm location VineStreet 255.255.255.0 outside
pdm location HaddOffice 255.255.255.0 outside
pdm location 172.16.2.1 255.255.255.255 outside
pdm location Internet 255.255.255.255 outside
pdm location Sulley 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm location 172.16.2.13 255.255.255.255 outside
pdm location AP 255.255.255.255 inside
pdm location 172.16.2.4 255.255.255.255 outside
pdm group AA outside
pdm group AllowedACHA outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access in interface outside
access-group inside_access_in in interface inside
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 gateway 1
route inside AP 255.255.255.255 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http Vonlouhr 255.255.255.0 outside
http ComputerCenter 255.255.255.0 outside
snmp-server host outside 172.16.2.4
snmp-server location hereio
snmp-server contact Glenjamin
snmp-server community xxxx
snmp-server enable traps
floodguard enable
telnet Vonlouhr 255.255.255.0 outside
telnet ComputerCenter 255.255.255.0 outside
telnet timeout 5
ssh Vonlouhr 255.255.255.0 outside
ssh ComputerCenter 255.255.255.0 outside
ssh timeout 30
console timeout 0
dhcpd address 192.168.1.10-192.168.1.254 inside
dhcpd dns 151.197.0.39 151.197.0.38
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username administrator password Y.BiSvM.RMx5AQYI encrypted privilege 15
terminal width 80
Cryptochecksum:4da717754c339264ec128fd30840f4f1
: end
Ph1ier#
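
A way to test the "necessary statements are in place" claim against the posted configuration, as an added example that is not part of the original thread and does not reproduce the accepted answer. The function name `audit_ssh`, the client address 172.16.2.50 and the trimmed config excerpt are assumptions; on PIX 6.x, SSH logins are checked against the `username` entries only when an `aaa authentication ssh console` statement is present.

```python
import ipaddress
import re

# Constructed excerpt: only the SSH-relevant lines of the posted config,
# with the password hash replaced by a placeholder.
SAMPLE_CONFIG = """\
name 172.16.3.0 ComputerCenter
name 172.16.2.0 Vonlouhr
ip address outside 172.16.2.12 255.255.255.0
aaa-server LOCAL protocol local
ssh Vonlouhr 255.255.255.0 outside
ssh ComputerCenter 255.255.255.0 outside
ssh timeout 30
username administrator password <hash> encrypted privilege 15
"""

def audit_ssh(config, client_ip, interface):
    """Report whether client_ip may open SSH to `interface` and how logins are checked."""
    lines = [ln.strip() for ln in config.splitlines()]
    # `name <ip> <alias>` lets later statements use the alias instead of the address.
    names = {}
    for ln in lines:
        m = re.fullmatch(r"name (\S+) (\S+)", ln)
        if m:
            names[m.group(2)] = m.group(1)
    client = ipaddress.ip_address(client_ip)
    permitted_by = None
    for ln in lines:
        # `ssh <ip-or-alias> <mask> <interface>`; `ssh timeout 30` does not match.
        m = re.fullmatch(r"ssh (\S+) (\d+\.\d+\.\d+\.\d+) (\S+)", ln)
        if m and m.group(3) == interface:
            addr = names.get(m.group(1), m.group(1))
            net = ipaddress.ip_network(f"{addr}/{m.group(2)}", strict=False)
            if client in net:
                permitted_by = ln
    return {
        "permitted_by": permitted_by,
        # Without this statement, PIX 6.x does not check SSH logins against `username` entries.
        "aaa_ssh_auth": any(ln.startswith("aaa authentication ssh console") for ln in lines),
        "local_users": [ln.split()[1] for ln in lines if ln.startswith("username ")],
    }

if __name__ == "__main__":
    # 172.16.2.50 is an assumed client on the 172.16.2.x network from the question.
    for key, value in audit_ssh(SAMPLE_CONFIG, "172.16.2.50", "outside").items():
        print(f"{key}: {value}")
```

For the posted configuration the source network is permitted, so the rejected login points at how credentials are checked rather than at the `ssh` access statements.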


ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
ejefferson213

ASKER

That was it. Thank you very much.  Strange that you don't see it in the configuration; guess it's built in.