Solved

SSH PIX

Posted on 2009-07-07
Last Modified: 2013-11-16
I am trying to configure one PIX version 6.3 and 7.2 to use PuTTY and SSH login to the PIX from inside the LAN from only 3 LAN IP addresses; all other IPs would not be allowed to log in. If needed, I can provide more info. Looking for the correct commands.
Question by:jeffsteffy
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24799393
Hi,
Make an acl 101 deny tcp 0.0.0.0 255.255.255.255 your.sshd.ser.ver 0.0.0.0 eq 22

and a

acl 101 permit tcp 10.10.1.1-3 255.255.255.0 your.sshd.ser.ver 0.0.0.0 eq 22

where 10.10.1.1-3 is the range of IPs you want to allow; if not a range, enumerate them one by one

Jfer
0
 
LVL 2

Author Comment

by:jeffsteffy
ID: 24799440
What does this part do? your.sshd.ser.ver 0.0.0.0
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24799580
The IP of the SSH device you are going into, and the subnet.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24799893
Actually,

just try access-list 101 permit tcp 10.10.1.1-3 255.255.255.0 your.sshd.ser.ver 0.0.0.255 eq 22

The last set of numbers before the 22 is the wildcard bit for the subnet.

Jfer
0
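An added example, not from any poster in the thread: a small Python model of first-match evaluation of the source address/mask pairs quoted in the comments, read once as subnet masks (the convention PIX `access-list` uses) and once as IOS-style wildcard masks. The 10.10.1.x addresses are the thread's placeholders; the rule lists, function names and test sources are constructed for illustration, and destination and port matching are left out.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(candidate, addr, mask, style):
    """style='netmask': 1-bits of mask must match (PIX access-list convention).
    style='wildcard': 0-bits of mask must match (IOS access-list convention)."""
    care = _to_int(mask) if style == "netmask" else _to_int(mask) ^ 0xFFFFFFFF
    return (_to_int(candidate) & care) == (_to_int(addr) & care)

def first_match(rules, src, style):
    """Action of the first rule whose source matches; implicit deny at the end."""
    for action, addr, mask in rules:
        if matches(src, addr, mask, style):
            return action
    return "deny"

# Constructed from the source address/mask pairs in the first answer, in the
# order posted ("10.10.1.1-3" is modelled as 10.10.1.1; destination and port omitted).
AS_POSTED = [
    ("deny", "0.0.0.0", "255.255.255.255"),
    ("permit", "10.10.1.1", "255.255.255.0"),
]
# "Enumerate them one by one": one host entry per allowed address, subnet-mask style.
PER_HOST = [("permit", f"10.10.1.{n}", "255.255.255.255") for n in (1, 2, 3)]

# Constructed test sources: two allowed hosts, two LAN neighbours, one outside host.
SOURCES = ["10.10.1.1", "10.10.1.3", "10.10.1.4", "10.10.1.200", "192.168.5.1"]

def evaluate(rules, style):
    return {src: first_match(rules, src, style) for src in SOURCES}

if __name__ == "__main__":
    for name, rules, style in [
        ("as posted, subnet-mask reading", AS_POSTED, "netmask"),
        ("as posted, wildcard reading", AS_POSTED, "wildcard"),
        ("per-host entries, subnet-mask reading", PER_HOST, "netmask"),
    ]:
        print(name)
        for src, action in evaluate(rules, style).items():
            print(f"  {src:<12} {action}")
```

Under the subnet-mask reading the posted permit covers all of 10.10.1.0/24 rather than three hosts, and under the wildcard reading the leading deny matches every source before the permit is reached.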


Question has a verified solution.
