Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 525 Access-list issue

Status
Not open for further replies.
cmal00

cmal00

IS-IT--Management
Jul 31, 2006
28
0
0
US
I'm trying to ssh from the outside world into one of my servers. I gave three interfaces on the PIX, ouside, inside, Vlan5. Vlan5 being on the outside of my privated network. The server is on Vlan5. It as a public ip. Here is what I have in the access-list for this connection,

access-list outside_acl permit tcp any host [server-ip]eq ssh

I can't ssh from home into it. The PIX is also connected into a 6509 switch not being used as a route, but it has it own access-list. The PIX connects to the inside interface to the swtich. Also the PIX connects to a router on the outside interface. Both servers are on the same subnet.

Thanks

Carl

I have another server also with a public ip that works fine. It has the same access list rule as the other server that does not work.

Any ideas??
 
Sort by date Sort by votes
Do you have "STATIC" mapping for this server

something like

Code: 
static (Vlan5,outside) global_IP private_IP netmask 255.255.255.255 0 0
 
Upvote 0 Downvote
Yes, I do. I even try doing the (inside,outside)
 
Upvote 0 Downvote
Strange thing about it is that the server that works doesn't have that entry.
 
Upvote 0 Downvote
Can you ping this server from the firewall? Can this server reach the outside world? Do you have any access rules blocking outgoing traffic on this interface?
 
Upvote 0 Downvote
I can ping within the firewall to nthe server. I can't go out to the world and I can't find anywhere where I am closing traffic on the interface
 
Upvote 0 Downvote
Also, we have a outside router, from there I can ping the one server that works likes call it serverA, but I can't ping the other server (serverB). Again, they are on the same subnet. There is a route on the outside router via the inside interface that goes to the PIX. (ip.0/26)
 
Upvote 0 Downvote
Can you please check the servers gateway and subnet mask.

Your first task is to make sure the server can actually see the outside world, then can post your config, obviously you need to remove anything that is sensitive.
 
Upvote 0 Downvote
The gateway and submask are correct. I can see the world also. The PIX has to much sensitive data, I'm not aloud to give it out.
 
Upvote 0 Downvote
Just scrub it before you post -
remove all passwords
Sub in a.b.c.### for any external IPs
Change/delete the domain name


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
I'll get back on this later, my configuration is over 300 lines.
 
Upvote 0 Downvote
I got it working, it turn out to be a server issue. I do however have a problem where I will lose connection on the ssh, by doing a clear xlate, it comes back. I have to do this onces a week. Is this normal?
 
Upvote 0 Downvote
Sounds like you might have resources issue, does this affect only this server?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
125
nnaarrnn
nnaarrnn
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
177
Shmid
Shmid
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
44
brownmab53
brownmab53
Jimbo2015
  • Locked
  • Question
Avaya - Watch guard issue with keep alives
Replies
1
Views
55
hairlessupportmonkey
hairlessupportmonkey
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top