SSH through PIX firewall

[wstran]

Greetings,

My network is set up as follow:

Internet
|
|
Router
| 10.10.10.1 (Router INSIDE)
|
| 10.10.10.2 (Pix OUTSIDE)
PIX 515E
| 192.168.3.1 (Pix INSIDE)
|
|
PCs(192.168.3.xxx)

I can ssh to Pix INSIDE from PCs with 192.168.3.xxx. Now I want to ssh through Pix to Router Inside to do some admin works. Please show me how to do it, thanks.

 

[KiscoKid]

By default the PIX will allow any traffic from inside to outside. However, if you have defined an access list to control access out of your network, you will need to add the following line to that access list:

access-list permit tcp 192.168.3.x 255.255.255.0 host 10.10.10.1 eq 22

 

[wstran]

Thanks KiscoKid.

Is this acl applied to INSIDE or OUTSIDE of the PIX firewall?

 

[KiscoKid]

It would be applied to any acl you have applied on the PIX inside interface (if it exists). As I say, by default the PIX will allow this already unless an acl has been explicitly configured already. You can confirm this with the 'show access-group' command.