ssh over easy vpn

Status
Not open for further replies.

slyride

MIS
Feb 6, 2003
50
0
0
CO
Hello,
I wanted to set up a PIX 501 as an easy VPN server and then connect via the easy VPN and then SSH into the PIX from there using the VPN address of client machine. Has anyone done this or know if it is possible? Would I enable the ssh on the inside interface or outside interface?
TIA
 
Generally you include a statement such as "sysopt connection permit-ipsec", so that on an IPSec VPN, all traffic bypasses ACLs and permits all traffic.

Computer/Network Technician
CCNA
 
LloydSev,
Hello and thanks for the reply, your reputation precedes you. :)
I have the sysopt command in already but do I do the "ssh x.x.x.x 255.255.255.255 inside" or "ssh x.x.x.x 255.255.255.255 outside"?
Thanks
Leon
 
If you are going to use the VPN address assigned I think it would have to be on the inside interface. You could do outside but you wouldn't be using the VPN IP to connect.
 
Hello all,
So I dropped this task for a while and am now back at it. I am still having no success with remote administration through the ezvpn, though the ezvpn works fine. Before proceeding further, I will pose this question. Would I be secure enough to just set up SSH from a specified IP on the outside interface and not use ezvpn?
Thanks
Leon
 
Sure. You could define an ACL that will allow only an IP or IP range to access SSH on the device, making the port open only to your distant end IP. This is a pretty common way to do it.
 
Ok, I got what I was originally looking for. I needed the command
management-access inside
Here is the link to the command reference at Cisco

Anyway so I can now manage the PIX by hitting the inside interface through a VPN tunnel established to that device, so now it will encrypt the SSH session through the VPN session.
Thanks to all who helped
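
Added example, not part of the original thread or any poster's configuration: a small Python check that reads a PIX-style config and reports the conditions discussed above (an "ssh ... inside" rule covering the VPN pool, "management-access inside" present, and SSH open to any source on the outside). The sample config, pool name and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample PIX config; addresses are documentation/private ranges, not from the thread.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.50.1-192.168.50.10
sysopt connection permit-ipsec
ssh 192.168.50.0 255.255.255.0 inside
ssh 203.0.113.25 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

def audit_ssh(config):
    """Return (code, detail) findings about SSH management access in a PIX config."""
    pools, ssh_rules, mgmt_if = [], [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            start, _, end = tok[4].partition("-")
            pools.append((tok[3], ipaddress.ip_address(start),
                          ipaddress.ip_address(end or start)))
        elif tok[:1] == ["ssh"] and len(tok) == 4:
            # "ssh <ip> <mask> <interface>"; "ssh timeout N" has 3 tokens and is skipped
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            ssh_rules.append((net, tok[3]))
        elif tok[:1] == ["management-access"] and len(tok) == 2:
            mgmt_if = tok[1]

    findings = []
    for name, start, end in pools:
        # Non-outside interfaces whose ssh rule admits the whole VPN address pool
        ifaces = {i for net, i in ssh_rules
                  if i != "outside" and start in net and end in net}
        if not ifaces:
            findings.append(("VPN-NO-SSH-RULE", f"no ssh rule covers pool {name}"))
        elif mgmt_if not in ifaces:
            findings.append(("VPN-MGMT-BLOCKED",
                             f"pool {name} allowed on {sorted(ifaces)} but "
                             f"management-access is {mgmt_if!r}"))
    for net, iface in ssh_rules:
        if iface == "outside" and net.prefixlen == 0:
            findings.append(("OUTSIDE-ANY", "ssh open to any source on outside"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ssh(SAMPLE_CONFIG):
        print(code, "-", detail)
```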
 