RE: SSH/IPSec to PIX

From: Koen Peetermans (K.Peetermans@chello.be)
Date: Sun Jun 13 2004 - 07:07:00 GMT-3


Should have read a little more carefully.... Since you are using telnet you
should telnet to the inside and allow it with the "telnet x.x.x.x inside"
command.

-----Original Message-----
From: Koen Peetermans [mailto:K.Peetermans@chello.be]
Sent: Sunday, 13 June 2004 12:05
To: 'P729'; '910T'; 'Kareem Boules'; 'ccielab@groupstudy.com'
Cc: 'security@groupstudy.com'
Subject: RE: SSH/IPSec to PIX

Hi,

This is "normal" since the 4.0 client will never install an IPSEC sa for the
public IP addresses. I think this is done to lower memory requirements on
the Easy VPN Server. For example, the VPN 3005 will allow 200 sessions
instead of 100 sessions with the latest version and 4.0 clients connecting
to it.

You could work with the "management-access inside" command and connect to
the internal IP address. Don't forget the "HTTP x.x.x.x inside" command to
make it work.

Kind regards,

Koen.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of P729
Sent: Sunday, 13 June 2004 10:23
To: 910T; Kareem Boules; ccielab@groupstudy.com
Cc: security@groupstudy.com
Subject: Re: SSH/IPSec to PIX

Sorry if I misled anyone (I really need to read more carefully). I was
talking about VPNing to the PIX with the 4.x client and then _Telneting_ to
that PIX's outside interface through the tunnel, not SSH (why use SSH if you
already have a secure channel?). The problem remains the secure host route
to the PIX outside interface is not installed into the 4.x client as it is
with the 3.x client.

Regards,

Mas Kato
https://ecardfile.com/id/mkato

----- Original Message -----
From: "910T" <910t@cox.net>
To: "Kareem Boules" <kareem@synergyct.com>; <ccielab@groupstudy.com>
Cc: <security@groupstudy.com>
Sent: Saturday, June 12, 2004 9:13 AM
Subject: Re: SSH/IPSec to PIX

> I'm also dealing with this very issue at the moment. For some reason, the
> secured host route to the outside interface of the PIX stopped being
> installed with the 4.x version of the client as it was with the 3.x client
> (look at your statistics under Route Details). I installed the 3.6 client
> into a Virtual PC and it works fine with the same PIX configurations. I'm
> doing split-tunneling--perhaps there's a workaround by fiddling with the
> split-tunnel ACL. We'll see...
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
>
> ----- Original Message -----
> From: "Kareem Boules" <kareem@synergyct.com>
> To: <ccielab@groupstudy.com>
> Cc: <security@groupstudy.com>
> Sent: Saturday, June 12, 2004 11:13 AM
> Subject: SSH/IPSec to PIX
>
>
> > Hey fellows,
> >
> > I wonder if someone can help with this scenario:
> > When I establish an IPSec tunnel between my SW Client (ver. 4) and PIX
> > (6.3), then I try to SSH to the PIX, it doesn't work. I tried out lots of
> > things, but the only workaround I could do is to, first, telnet to an
> > inside host, then SSH to the PIX from that host.
> > Any advice?
> >
> > Kareem


