Solved

Cisco PIX 501 won't allow SSH

Posted on 2009-05-09
Last Modified: 2012-05-06
Our non-profit has a small network of clients that use our access to the Internet, and we use the PIX to segregate their network from ours. All is working except I cannot SSH into the PIX device. I believe the necessary statements are in place but I can't log into it. (PuTTY) SSH rejects my login but I'm certain I'm using the correct username and password. I can't see anything in my log either that would point out the problem; perhaps the logging isn't set up correctly either. Any suggestions would be most helpful as I've spent a lot of time looking at the configuration and Internet postings. I'm trying to SSH in from a PC on the 172.16.2.x network (directly attached to the PIX outside network). Thank you.

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aDU/SenosGi/7GR2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Ph1ier
domain-name xxx
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 172.16.3.0 ComputerCenter
name 172.16.5.0 VineStreet
name 172.16.2.0 Vonlouhr
name 172.16.4.0 IntakeOffice
name 172.16.6.0 HaddOffice
name 1.1.1.1 Internet
name 172.16.2.3 Sulley
name 192.168.1.6 AP
name 172.16.2.18 gateway
object-group network AA
  network-object VineStreet 255.255.255.0
  network-object ComputerCenter 255.255.255.0
  network-object IntakeOffice 255.255.255.0
  network-object HaddOffice 255.255.255.0
  network-object Vonlouhr 255.255.255.0
object-group network AllowedACHA
  network-object Sulley 255.255.255.255
access-list inside_access_in permit icmp any host 172.16.2.1
access-list inside_access_in permit ip any host 172.16.2.1
access-list inside_access_in permit ip any host Sulley
access-list inside_access_in deny ip any object-group AA
access-list inside_access_in permit ip any any
access-list outside_access permit ip any object-group AA
pager lines 24
logging timestamp
logging console debugging
logging buffered debugging
logging history debugging
mtu outside 1500
mtu inside 1500
ip address outside 172.16.2.12 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location Vonlouhr 255.255.255.0 outside
pdm location ComputerCenter 255.255.255.0 outside
pdm location IntakeOffice 255.255.255.0 outside
pdm location VineStreet 255.255.255.0 outside
pdm location HaddOffice 255.255.255.0 outside
pdm location 172.16.2.1 255.255.255.255 outside
pdm location Internet 255.255.255.255 outside
pdm location Sulley 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm location 172.16.2.13 255.255.255.255 outside
pdm location AP 255.255.255.255 inside
pdm location 172.16.2.4 255.255.255.255 outside
pdm group AA outside
pdm group AllowedACHA outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access in interface outside
access-group inside_access_in in interface inside
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 gateway 1
route inside AP 255.255.255.255 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http Vonlouhr 255.255.255.0 outside
http ComputerCenter 255.255.255.0 outside
snmp-server host outside 172.16.2.4
snmp-server location hereio
snmp-server contact Glenjamin
snmp-server community xxxx
snmp-server enable traps
floodguard enable
telnet Vonlouhr 255.255.255.0 outside
telnet ComputerCenter 255.255.255.0 outside
telnet timeout 5
ssh Vonlouhr 255.255.255.0 outside
ssh ComputerCenter 255.255.255.0 outside
ssh timeout 30
console timeout 0
dhcpd address 192.168.1.10-192.168.1.254 inside
dhcpd dns 151.197.0.39 151.197.0.38
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username administrator password Y.BiSvM.RMx5AQYI encrypted privilege 15
terminal width 80
Cryptochecksum:4da717754c339264ec128fd30840f4f1
: end
Ph1ier#

Question by:ejefferson213
2 Comments
Accepted Solution

by: lrmoore earned 500 total points
ID: 24346509
Try using "pix" for the username and the enable password?

Author Closing Comment

by:ejefferson213
ID: 31579802
That was it. Thank you very much.  Strange that you don't see it in the configuration; guess it's built in.  
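
A diagnostic for the situation in this thread, as an added example (not code from the original posts): given a configuration and a client address, it reports whether the `ssh` permit statements cover that client and which credential source SSH will use. It assumes PIX 6.x behaviour, where SSH without an `aaa authentication ssh console` line accepts only the built-in `pix` user; the function names, result keys and the trimmed sample config are constructed for the example.

```python
import ipaddress

# Constructed sample: management-related lines in PIX 6.3 syntax, modelled on
# the posted configuration (password hash replaced with a placeholder).
SAMPLE_CONFIG = """\
name 172.16.3.0 ComputerCenter
name 172.16.2.0 Vonlouhr
ssh Vonlouhr 255.255.255.0 outside
ssh ComputerCenter 255.255.255.0 outside
ssh timeout 30
username administrator password HASH-PLACEHOLDER encrypted privilege 15
"""

def parse_mgmt(config):
    """Collect name aliases, ssh permit rules, local users and the SSH AAA group."""
    names, ssh_rules, users, ssh_aaa = {}, [], [], None
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                      # alias -> address
        elif len(tok) == 4 and tok[0] == "ssh":
            ssh_rules.append(tuple(tok[1:]))            # (host, mask, interface)
        elif len(tok) >= 2 and tok[0] == "username":
            users.append(tok[1])
        elif len(tok) == 5 and tok[:4] == ["aaa", "authentication", "ssh", "console"]:
            ssh_aaa = tok[4]                            # e.g. LOCAL
    return names, ssh_rules, users, ssh_aaa

def diagnose_ssh(config, client_ip, interface):
    """Report whether client_ip may open SSH on interface and who authenticates it."""
    names, ssh_rules, users, ssh_aaa = parse_mgmt(config)
    client = ipaddress.ip_address(client_ip)
    permitted = any(
        ifc == interface
        and client in ipaddress.ip_network(f"{names.get(host, host)}/{mask}", strict=False)
        for host, mask, ifc in ssh_rules
    )
    return {
        "permitted": permitted,
        # Assumption (PIX 6.x behaviour): with no 'aaa authentication ssh console'
        # line, SSH accepts only the built-in user 'pix'.
        "auth_source": ssh_aaa or "built-in user pix",
        # 'username' entries are consulted for SSH only through the LOCAL AAA group.
        "usernames_not_used_for_ssh": [] if ssh_aaa == "LOCAL" else users,
    }

if __name__ == "__main__":
    print(diagnose_ssh(SAMPLE_CONFIG, "172.16.2.50", "outside"))
```

Adding `aaa authentication ssh console LOCAL` to the configuration makes SSH consult the `username` database, so the `administrator` account would then be the one used for SSH logins.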