Cisco PIX 501 won't allow SSH

Posted on 2009-05-09
Last Modified: 2012-05-06
Our non-profit has a small network of clients that use our access to the Internet and we use the PIX to segregate their network from ours. All is working except I cannot SSH into the PIX device. I believe the necessary statements are in place but I can't log into it. SSH (PuTTY) rejects my login but I'm certain I'm using the correct username and password. I can't see anything in my log either that would point out the problem; perhaps the logging isn't set up correctly either. Any suggestions would be most helpful as I've spent a lot of time looking at the configuration and Internet postings. I'm trying to SSH in from a PC on the 172.16.2.x network (directly attached to the PIX outside network). Thank you.
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aDU/SenosGi/7GR2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Ph1ier
domain-name xxx
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name ComputerCenter
name VineStreet
name Vonlouhr
name IntakeOffice
name HaddOffice
name Internet
name Sulley
name AP
name gateway
object-group network AA
  network-object VineStreet
  network-object ComputerCenter
  network-object IntakeOffice
  network-object HaddOffice
  network-object Vonlouhr
object-group network AllowedACHA
  network-object Sulley
access-list inside_access_in permit icmp any host
access-list inside_access_in permit ip any host
access-list inside_access_in permit ip any host Sulley
access-list inside_access_in deny ip any object-group AA
access-list inside_access_in permit ip any any
access-list outside_access permit ip any object-group AA
pager lines 24
logging timestamp
logging console debugging
logging buffered debugging
logging history debugging
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location Vonlouhr outside
pdm location ComputerCenter outside
pdm location IntakeOffice outside
pdm location VineStreet outside
pdm location HaddOffice outside
pdm location outside
pdm location Internet outside
pdm location Sulley outside
pdm location inside
pdm location outside
pdm location outside
pdm location outside
pdm location AP inside
pdm location outside
pdm group AA outside
pdm group AllowedACHA outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
access-group outside_access in interface outside
access-group inside_access_in in interface inside
rip inside default version 1
route outside gateway 1
route inside AP 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http Vonlouhr outside
http ComputerCenter outside
snmp-server host outside
snmp-server location hereio
snmp-server contact Glenjamin
snmp-server community xxxx
snmp-server enable traps
floodguard enable
telnet Vonlouhr outside
telnet ComputerCenter outside
telnet timeout 5
ssh Vonlouhr outside
ssh ComputerCenter outside
ssh timeout 30
console timeout 0
dhcpd address inside
dhcpd dns
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username administrator password Y.BiSvM.RMx5AQYI encrypted privilege 15
terminal width 80
: end



Question by:ejefferson213

Accepted Solution

lrmoore earned 500 total points
ID: 24346509
Try using "pix" for the username and the enable password?

Author Closing Comment

ID: 31579802
That was it. Thank you very much.  Strange that you don't see it in the configuration; guess it's built in.  
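
Why the `administrator` account in the posted configuration was never consulted, shown as an added example that is not part of the original thread: the config defines a `username` entry and `ssh` permit lines but has no `aaa authentication ssh console` line, so PIX 6.x falls back to the built-in `pix` login. The audit function, the result keys and the shortened sample config are assumptions made for this illustration.

```python
# Constructed excerpt of the posted PIX 6.3 config: only the lines that decide
# how an SSH login is authenticated (the password hash is a placeholder).
SAMPLE_CONFIG = """\
PIX Version 6.3(4)
aaa-server LOCAL protocol local
ssh Vonlouhr outside
ssh ComputerCenter outside
ssh timeout 30
username administrator password PLACEHOLDERHASH encrypted privilege 15
"""

# Line that points SSH console logins at the local username database.
FIX_LINE = "aaa authentication ssh console LOCAL"


def audit_ssh_auth(config):
    """Return which credential source SSH logins use under this config."""
    ssh_interfaces, local_users, aaa_group = set(), [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "ssh" and len(tok) >= 3 and tok[1] != "timeout":
            ssh_interfaces.add(tok[-1])      # "ssh <host> [mask] <interface>"
        elif tok[0] == "username" and len(tok) >= 3 and tok[2] == "password":
            local_users.append(tok[1])
        elif tok[:4] == ["aaa", "authentication", "ssh", "console"] and len(tok) == 5:
            aaa_group = tok[4]               # server tag, e.g. LOCAL or TACACS+
    if not ssh_interfaces:
        source = None                        # SSH is not permitted from anywhere
    else:
        source = aaa_group or "built-in pix login"
    return {
        "ssh_interfaces": sorted(ssh_interfaces),
        "auth_source": source,
        # Accounts an admin may expect to work over SSH but that are not consulted.
        "ignored_local_users": [] if aaa_group == "LOCAL" else local_users,
    }


if __name__ == "__main__":
    print("as posted:", audit_ssh_auth(SAMPLE_CONFIG))
    print("with fix: ", audit_ssh_auth(SAMPLE_CONFIG + FIX_LINE + "\n"))
```

Running the same check over a full `show running-config` capture during a firewall review catches devices where named accounts exist but remote logins still use the shared built-in credential.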
