Pix 501, unable to SSH via Internet

[stephenQ]

Ok, I have a querky setup but for several reasons. I have everything working except SSH via internet. The host behind my pix can access the internet and i can access them via port forwarding. Now my crazy setup, not the best but its for several reasons. I have my pix behind my Linksys router. I'm double Nat'ing, which is never a good thing. But what is confusing me is this. i have the pix exposed as the DMZ on my linksys but I still can't SSH to the pix.

I'm thinking, do I need to create a static or no nat, for the outside interface of my pix and point it to the real IP of my network?

Any ideas?

Thanks.

 

[Supergrrover]

You just need to enable ssh on the pix with the allowed networks and set the telnet password. Nothing else needed.



Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[stephenQ]

Yes, thats what i thought too. I can reach if from the internal networks but when I am remote I am unable to reach it via the internet.

 

[Supergrrover]

Do you have
ssh 0.0.0.0 0.0.0.0 outside

If so, it is a port forwarding issue with your other firewall.

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[stormproof]

I am assuming you created a key for ssh right?
I think you need a domain name configured before you can generate the key.

domain-name test.com
crypto key generate rsa modulus 2048
ssh 0.0.0.0 0.0.0.0 outside

(Troubleshooting)
logging buffered debugging
sh run log | i 22

 

[burtsbees]

I think the first step, stormproof, is to zeroize the keys, though they do not exist...you must put that command in. I think it it
crypto key zeroize ...uh...I forget...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!