Posted by Gary on November 26, 2005, 6:54 pm
>I have an ADSL router and behind this a PIX. I want to be able to SSH to
>the pix from an external source.
>
> I can telnet to the public IP of the router fine.
>
> Looks like this.
> ADSL Router is simple.
> ================
> interface ATM0/0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
> pvc 0/38
> encapsulation aal5mux ppp dialer
> dialer pool-member 1
> !
> !
> interface FastEthernet0/0
> ip address 10.16.16.3 255.255.255.0
> ip nat inside
> !This is the inside interface handing off to the PIX
> duplex auto
> speed auto
>
> interface Dialer0
> ip address negotiated
> ip nat outside
> encapsulation ppp
> dialer pool 1
> dialer persistent
> dialer-group 1
> ppp authentication chap callin
> ppp chap hostname whatever
> ppp chap password 0 whatever
> ppp multilink
> !
> ip nat inside source list 1 interface Dialer0 overload
> ip nat inside source static tcp 10.16.16.10 22 212.2.2.50 22 extendable
>
> ip route 0.0.0.0 0.0.0.0 Dialer0
> access-list 1 permit 10.16.16.0 0.0.0.255
>
>
> Pix is Simple.
> ==========
> PIX Version 7.0(1)
> names
> !
> interface Ethernet0
> nameif outside
> security-level 0
> ip address 10.16.16.10 255.255.255.0
> !
> interface Ethernet1
> nameif inside
> security-level 100
> ip address 10.17.16.1 255.255.255.0
>
> access-group Outside-In in interface outside
> route outside 0.0.0.0 0.0.0.0 10.16.16.1 1
>
> ssh <My Ip Address> 255.255.255.255 outside
>
> I have also generated the rsa key using
> crypto key gen rsa modulus 1024
>
> The router looks OK.
> show ip nat trans : gives
> ADSLRtr#show ip nat trans
> Pro  Inside global                  Inside local     Outside local          Outside global
> tcp  <Routers Public Address>:22    10.16.16.10:22   <My IP Address>:1520   <My IP Address>:1520
> tcp  <Routers Public Address>:22    22               ---                    ---
>
> Now the PIX does not even see the connection, but my NAT on the router
> should be sending SSH packets through to it on port 22 and IP 10.16.16.10.
>
> Also, from the PIX I can ping the ADSL router but no farther?
> The router can ping everything fine.
>
> Any pointers please.
>
> G
>
Did not think it relevant but had standby groups on the inside interfaces as
there are 2 routers for failover.
They looked like this.
interface FastEthernet0/0
ip address 10.16.16.3 255.255.255.0
ip nat inside
duplex auto
speed auto
standby 1 ip 10.16.16.1
standby 1 priority 80
standby 1 preempt
When I removed the standby group and changed the IP address of this inside
interface to be 10.16.16.1, it worked straight away!
Grrr...
Bug? oversight? Error?
Gary
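As an added example (not Gary's, nor anything from the thread), here is a small Python cross-check of the two posted configs that flags the condition he ran into: the PIX default route pointing at an address the router holds only as an HSRP standby virtual IP rather than as a real interface address. The config excerpts are constructed from the thread, and the function names are assumptions of this example.

```python
import re
# Constructed excerpts of the two configs posted in the thread.
ROUTER_CFG = """\
interface FastEthernet0/0
 ip address 10.16.16.3 255.255.255.0
 ip nat inside
 standby 1 ip 10.16.16.1
ip nat inside source static tcp 10.16.16.10 22 212.2.2.50 22 extendable
"""
# Gary's working variant: standby group gone, interface itself owns 10.16.16.1.
FIXED_ROUTER_CFG = ROUTER_CFG.replace("10.16.16.3", "10.16.16.1").replace(" standby 1 ip 10.16.16.1\n", "")
PIX_CFG = """\
interface Ethernet0
 nameif outside
 ip address 10.16.16.10 255.255.255.0
route outside 0.0.0.0 0.0.0.0 10.16.16.1 1
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"  # one dotted-quad capture group

def router_addresses(cfg):
    """Interface addresses and HSRP virtual addresses on the router."""
    real = set(re.findall(r"^\s*ip address " + IP, cfg, re.M))
    vips = set(re.findall(r"^\s*standby \d+ ip " + IP, cfg, re.M))
    return real, vips

def static_nat_targets(cfg):
    """(inside-local IP, port) pairs of the router's static TCP port forwards."""
    pairs = re.findall(r"^ip nat inside source static tcp " + IP + r" (\d+) ", cfg, re.M)
    return {(ip, int(port)) for ip, port in pairs}

def pix_outside(cfg):
    """(outside interface IP, default-route next hop) from the PIX config."""
    outside_ip = None
    for block in re.split(r"^interface ", cfg, flags=re.M)[1:]:
        if re.search(r"^\s*nameif outside$", block, re.M):
            m = re.search(r"^\s*ip address " + IP, block, re.M)
            outside_ip = m.group(1) if m else None
    nh = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 " + IP, cfg, re.M)
    return outside_ip, (nh.group(1) if nh else None)

def check(router_cfg, pix_cfg):
    """Cross-check the pair; an empty list means the hand-off is consistent."""
    findings = []
    real, vips = router_addresses(router_cfg)
    outside_ip, next_hop = pix_outside(pix_cfg)
    if (outside_ip, 22) not in static_nat_targets(router_cfg):
        findings.append(f"no static NAT forwards tcp/22 to PIX outside address {outside_ip}")
    if next_hop in vips and next_hop not in real:
        findings.append(f"PIX next hop {next_hop} is only an HSRP virtual IP on the router")
    elif next_hop not in real:
        findings.append(f"PIX next hop {next_hop} is not configured on the router")
    return findings
```

Running `check(ROUTER_CFG, PIX_CFG)` reports the virtual-IP next hop; `check(FIXED_ROUTER_CFG, PIX_CFG)` returns an empty list.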