[SOLVED] Cisco pix 501 and SSH.

bluewire · 04-06-2011, 08:41 PM

Hi guys.I have this cisco pix 501 at home and have connected at interface0 the router usr 9108.

What do i do to ssh from an internet cafe for example to my cisco pix at home to control it?

---------- Post added 04-06-11 at 08:42 PM ----------

from my LAN i can ssh, what i want is to be able to ssh from wherever outside my house.

rtsai123 · 04-07-2011, 06:06 PM

You need to add this to your config

access-list inbound extended permit tcp any host x.x.x.x(outside ip) eq ssh
ssh 0.0.0.0 0.0.0.0 interface-outside - this should be the name of your outside interface.

btw opening ssh to the outside isn't a good idea. Another alternative would be to use vpn and then have a server relay back to the pix.

Hope this helps! Let me know if you need more info.

jefro · 04-07-2011, 07:24 PM

rtsai123's answer should be OK.

http://www.cisco.com/en/US/docs/secu.../63_501qk.html
"
You can also access the CLI using SSH/Telnet to the PIX Firewall. By default, SSH/Telnet access is not permitted. Use PDM or the console to configure SSH/Telnet access to the PIX Firewall. To Telnet to the PIX Firewall from the outside perimeter of the PIX Firewall, configure an outside IP address and IPSec for a secure Telnet session. Refer to the Cisco PIX Firewall and VPN Configuration Guide for more information about how to use the CLI. "