From: Godswill Oletu (oletu@inbox.lv)
Date: Mon Sep 06 2004 - 10:08:39 GMT-3
Rajagopal,
You can ssh from any interface/subnet depending on your config. Try opening
up ssh from all interfaces and close and exclude interfaces/ip addresses
that are not needed.
1. To allow all host to ssh from the interface named "inside"
ssh 0.0.0.0 0.0.0.0 inside
2. To allow all host to ssh from the interface named "outside"
ssh 0.0.0.0 0.0.0.0 outside
3. To allow all host to ssh from the interface named "dmz"
ssh 0.0.0.0 0.0.0.0 dmz
A trace route to an outside ip will reveal the interface that host is using
to go out.
Thanks.
Godswill Oletu
At 06:35 AM 9/6/2004, Rajagopal S wrote:
>Hello group,
>
>I'm trying to do SSH on a PIX dmz interface. Am actually able to succeed
>connecting to SSH from the same subnet as the PIX DMZ, but not from a
>different subnet.
>
>eg. PIX DMZ 10.50.4.1 , am able to SSH from a PC 10.50.4.10, but not able
>to do from a PC in another subnet. Routing is fine and am able to ping the
>PIX DMZ from the other PC (10.7.50.10). I have also tried regenerating the
>SSH key but of no use. any ideas on this ? cant i SSH to PIX from a
>foreign subnet.
>
>Note : all required commands for SSH configured on the PIX. infact , right
>now i have given ssh 0 0 dmz command on the PIX>
>
>Cheez
>Rajagopal.S CCIE #12887
>
>
>---------------------------------
>Do you Yahoo!?
>New and Improved Yahoo! Mail - Send 10MB messages!
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:37 GMT-3