Can't ssh on pix from the external interface
I am using s/w ver 7.0(4).
The config for ssh is:
crypto key generate rsa modulus 1024
wr mem
ssh a.b.c.d 255.255.255.255 outside
but it does not work.
Help, please
Yes, if your external interface is mapped to y.y.y.y, then you will not be able to ssh to x.x.x.x, as it will be passed on to y.y.y.y.
You can change the one-to-one static to a port address translation for each particular port you need sent to y.y.y.y.
Please evaluate the useful messages.
Tags: Cisco Security
Similar Questions
-
Telnet on PIX with the external interface
Is there a way to telnet into the PIX Firewall through the external interface?
SSH is a valid method to access the site, but I wonder if there is another way to do it. PDM is another tool for access and modification of the configuration.
Any help will be useful.
Best wishes
Onur
I'm pretty sure that Telnet directly to the external interface of a PIX is not available. It is such a big security risk that it is not offered as an option.
SSH is a much better way to go (even if it's only SSH1).
You can probably VPN into your network and Telnet from inside.
Good luck
Scott
-
'no access-list' removes the access list from the external interface?
PIX515
A customer wanted to modify the access list (add a new line),
so he first issued the no access-list command and then
applied the change to the access list, but the access list has been
removed from the outside interface.
Is this normal behavior? On routers the access list stays attached
to the interface even if you issue the no access-list command.
Thanks in advance for any comments
JYP
Hi Thibault-
No, it is not normal behavior; it sounds more like an error by the customer. It's always a good idea to copy the required ACL into a text editor (Notepad), and do not forget to include the "access-group" command, i.e. 'access-group inside in interface inside' or 'access-group out in interface outside', when copying the required ACL. Then put a 'no access-list inside' or 'no access-list outside' as the first line of the ACL copied in Notepad before you copy it to the PIX. Also make sure that you are using the config and do a "wr mem" (write memory) after the modified ACL has been applied on the PIX.
Hope this helps-
-
Computer tries to boot from the external drive
I use a desktop computer with Windows 7. I have an external hard drive connected as a backup drive.
While booting, the computer tries to boot from the external drive and nothing happens.
In order to get the machine to start, I have to unplug the external hard drive, which is a waste of time.
I would like to back up the computer's internal C: drive onto the drive.
Is there a way I can stop it trying to boot from the external drive?
At the start of the PC, open the BIOS, usually output tab, search for (boot device priority), and set C: 1st, external 2nd or 3rd.
Save and exit. Also, most HDs need to be formatted before use; most come in a "raw" state from the mfg.
-
How to configure ssh on the external interface of the ASA?
I have defined and applied an access list on the external interface, but it did not work for some reason.
Here is the access list:
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 10.254.17.9 255.255.255.248
!
interface GigabitEthernet0/2
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet0/3
 description EIGRP 2008
 nameif eigrp
 security-level 100
 ip address 10.40.50.65 255.255.255.252
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.251.1 255.255.255.0
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
access-list 110 extended permit ip any any
access-list NAT extended permit ip any any
access-list allow_ping extended permit icmp any any echo-reply
access-list allow_ping extended permit icmp any any source-quench
access-list allow_ping extended permit icmp any any unreachable
access-list allow_ping extended permit icmp any any time-exceeded
access-list allow_ping extended permit udp any any eq isakmp
access-list allow_ping extended permit esp any any
access-list allow_ping extended permit ah any any
access-list allow_ping extended permit gre any any
access-list allow_ping extended permit tcp any any eq ssh
access-list sheep extended permit ip any any
access-list icmp_inside extended permit icmp any any
access-list icmp_inside extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu eigrp 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
access-group allow_ping in interface outside
Can't say I've seen this before, but SSH is easy to do on the ASA.
I recommend you take the access list off the interface first to see if that is it.
You have posted only a partial section of the config, but make sure you have the ssh command with the address of the subnet that you connect from. Your config is no longer visible as I type this, but try "ssh 0.0.0.0 0.0.0.0 outside". This allows all subnets access to the external interface. This command works as an access list to restrict connectivity to approved subnets, i.e. "ssh 10.0.0.0 255.0.0.0 outside" only allows hosts on the 10.x.x.x network to connect via SSH.
Turn on 'debug ssh' to see what the errors are, too.
And you can always remove your keys (crypto key zeroize rsa) and regenerate them (crypto key gen rsa mod 1024). This will make your SSH client (I use PuTTY) think that this is a new feature and prompt you to OK the connection.
Good luck.
Kevin
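The point made in the answer above, that the ssh <subnet> <mask> <interface> command is what acts as the access list for SSH to the firewall itself, written as a small config audit. This is an added example, not code from the thread or from Cisco; the sample config is constructed from the question's interface and ACL lines, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample based on the question's config: an interface ACL permits
# tcp/22, but no "ssh <addr> <mask> <nameif>" statement is present.
ASKER_CONFIG = """\
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 10.254.17.9 255.255.255.248
access-list allow_ping extended permit tcp any any eq ssh
access-group allow_ping in interface outside
"""

# Matches only "ssh <addr> <mask> <nameif>", not "ssh timeout 5" or "ssh version 2".
SSH_RE = re.compile(
    r"^[ \t]*ssh[ \t]+(\d+\.\d+\.\d+\.\d+)[ \t]+(\d+\.\d+\.\d+\.\d+)[ \t]+(\S+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def ssh_rules(config):
    """Return [(network, nameif)] for every management ssh statement."""
    return [
        (ipaddress.ip_network(f"{addr}/{mask}", strict=False), nameif.lower())
        for addr, mask, nameif in SSH_RE.findall(config)
    ]

def ssh_allowed(config, client_ip, nameif="outside"):
    """True if client_ip falls inside an ssh statement for that interface."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net, ifc in ssh_rules(config) if ifc == nameif)

def audit(config, nameif="outside"):
    """List management-SSH findings for one interface."""
    nets = [net for net, ifc in ssh_rules(config) if ifc == nameif]
    findings = []
    if not nets:
        findings.append(f"no ssh statement for '{nameif}': the firewall refuses SSH there")
        if re.search(r"^access-list\s.*\beq\s+(ssh|22)\b", config, re.M):
            findings.append("an ACL permits tcp/22, but that does not enable SSH to the box")
    findings += [f"ssh open to any source on '{nameif}'" for n in nets if n.prefixlen == 0]
    return findings

if __name__ == "__main__":
    for cfg in (ASKER_CONFIG, ASKER_CONFIG + "ssh 10.0.0.0 255.0.0.0 outside\n"):
        print(audit(cfg), ssh_allowed(cfg, "10.1.2.3"))
```

Run against a saved copy of the running config, it separates the two cases the answer describes: no ssh statement at all, and an ssh statement that admits every source.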
-
VPN client and ssh to the external interface of the ASA
Hello world
I was testing clientless ssl in my lab at home.
When connected via clientless VPN, I am able to ssh to the ASA outside interface, but when I use SSL VPN only, I can't ssh to the external interface of the ASA.
I need to figure out how I can ssh to the external interface of the ASA using clientless ssl vpn?
Regards
Mahesh
Mahesh,
When you are on clientless SSL VPN, your client is not limited by routes to the Internet, isn't being NATted, etc. If the ASA is set to allow ssh from outside, then the clientless SSL VPN user is no different from any other.
A full-tunnel SSL VPN user can have any or all of these factors at play. Any one of them can make it impossible to access the ASA outside interface via ssh. I would need to see the configuration to tell you which one (or more) is to blame.
-
MacBook Pro hard drive failure, white screen: trying to boot from the external hard drive
Hello
I have a 2008 MacBook Pro which has been having some problems. I was able to fix them, but eventually the hard drive failed. I know that because at startup it would show a plain white screen (no logo) and you can hear a clicking in the lower left corner. I initially thought it was a memory problem, but after opening it up and checking the memory, it's clearly the hard drive.
I solved this problem temporarily (until I can replace the hard disk) by installing El Capitan on an external hard disk and starting from that. Here's the twist: I couldn't get it to boot to El Capitan. I tried CMD + R, CMD + OPT + R, CMD + OPT + R + P and now Shift. All that would happen is that the clicking would cease when I released the keys.
I left the MacBook on while I was at work; when I got home it was on the login screen from the external hard drive.
I accidentally closed the MacBook yesterday, and once again when I tried to log on, I could not, and I left it on a white screen while I was sleeping. There is a possibility that it may have booted from the hard drive by the time I get home, but if not, is there something I'm missing to force it to do this?
See you soon
Usually, starting up to a blank screen without the Apple logo may indicate one of the following:
- Hardware failure
- Boot drive is not recognized as valid and up to date
- Essential OS X software is missing, damaged, moved, renamed or corrupt
- A firmware update is necessary
Regardless, in order to boot from a "bootable" external drive, you would normally hold down the Option key until you get a screen that offers a number of devices to try to boot from.
Alternatively, you can try holding down the C key to try to boot from the external drive.
If none of these startup options work, then the bootable disk or the USB port on your MacBook Pro may be the issue.
Since you have a Mac pre-2013, if you hold down the D key while booting, the built-in Apple Hardware Test should start up. This can help to identify hardware problems.
-
OS to boot from the external drive
So I searched high and low, and I don't know if Toshiba Satellite laptops are able to boot an operating system from an external hard drive. I discovered that there are portable computers that can, but their BIOS must be able to do it. If Toshiba laptops can do it, which ones can?
Hello
As far as I know it is not possible to boot from the external USB HDD.
I found several postings on similar themes and it seems that it is only possible to boot from the external USB FDD, HDD, ODD and LAN, and sometimes also PCMCIA card.
-
I spilled coffee on my Macbook Air and does not illuminate. How to transfer files from the external hard drive to backup my new Macbook Air?
If you had a Time Machine backup, you can use the Migration Wizard and connect your new Mac on the external drive which has the Time Machine backup: move your content to a new Mac - Apple Support
-
HP personal media drive hp0000: remove the hard drive from the external area.
My external hard drive does not work and I would like to remove the drive from the external hard drive case. How do I open it short of cutting through the plastic box? I have other empty cases for the hard drive.
Access to the internal hard drive: methods and variants
(1) Opening the HP Pocket Drive carrier is as simple as peeling back the hardened plastic label on the USB connection end and extracting both little Phillips screws hidden underneath. Once the screws are removed, the drive carrier will slide out of the front of the case and the hard drive can be easily replaced.
(2) the same video
(3) It is very easy to take apart. With a small flat screwdriver, lift the label on the back cover. This will reveal the 2 small Phillips head screws. Remove them and gently pull off the back cover. Then gently push everything inside, hard drive as well, forward out of the aluminum housing. Be careful not to push the drive through the case and onto the floor.
-
I have an external hard drive onto which I loaded all my important files from all my computers. There is a folder that I put access restrictions on, but it has been so long that I don't know how I did it or how to remove them. How can I remove the restrictions on a folder on an external hard drive so I can view or access these files on any computer instead of just the one where the folder was first created? The computer on which I created the folder runs Windows Vista. I am not able to access files in this folder from any other computer. It gives me the following error: "E:\School is not accessible. Access is denied."
Hi mango127,
I suggest that you give all permissions for everyone on this folder and check if it works.
"Access denied" error message when you try to open a folder
http://support.Microsoft.com/kb/810881
How to take ownership of a file or a folder in Windows XP
http://support.Microsoft.com/kb/308421
If the previous step fails, then I would suggest that you take a backup of this folder on the computer from which you can access it and later format the hard drive.
How to use disk management to configure basic disks in Windows XP
-
Telnet to the PIX from the outside
I tried the task through several suggestions.
None of which worked. My last try was using this link.
PIX VPN client works fine however I am still unable to telnet to the PIX.
In addition, the document speaks of configuration on the client.
Step 3: In the VPN client, create a security policy that specifies the Remote Party Identity IP address and the gateway IP address as the same IP address, the IP address of the external interface of the PIX firewall. In this example, the outside IP address of the PIX firewall is 168.20.1.5.
I see there is only one place to put an IP address on the client. There is no place on the client for a gateway address. I tried changing my machine's gateway and it still does not work.
Does anyone have a working config for how to Telnet to a PIX from the outside?
The step that you are referencing is for users who use the old CiscoSecure VPN client. Do you really use that? I'm guessing that you are actually using the VPN 3000 client, in which case you just need:
(1) a crypto ACL that allows the traffic from your assigned address to the outside of the PIX
(2) a telnet statement that allows telnet from the assigned address on the outside
i.e.
access-list no_nat permit ip host 200.1.1.1 host 10.1.1.100
telnet 10.1.1.100 255.255.255.255 outside
HTH
Jeff
-
VPN SSL from the inside on the external interface
Hi all
First of all I know that I can activate the SSL interface inside, but that's not what I need or want.
Scenario:
Several interfaces and VLANs on the ASA (running 8.0.5).
SSL VPN configured and enabled on the external interface.
I need to know if it is possible to access the SSL VPN from other interfaces directly at the external interface IP address, something like hairpinning.
A possible solution (if one exists) may be with or without NAT (I have public IPs on some interfaces).
This will be useful for users who can connect from any interface (inside, outside, or other), and with only one DNS record I'll be able to manage everything.
Regards
PS: Is DNS doctoring an option? In the tests that I have done, it does not work.
Post edited by: rcordeiro
Hello
Unfortunately, it is not possible. You cannot communicate with an ASA interface which is not directly connected through the firewall.
Kind regards
NT
-
Transfer the virtual machine from the external drive - URGENT HELP PLEASE
I recently transferred my Virtual Machine to an external hard drive because I had to reinstall my OS, Leopard. Now when I try to copy the VM back to my Mac from the external hard drive, halfway through I get the error message... "You cannot copy "Windows Vista.vmwarevm" because it has the same name as another item on the destination volume, and that volume does not distinguish between upper and lower case in file names."
The virtual machine worked well from the external hard drive, but it's not convenient for me and I ideally need it on my laptop... Please advise.
To what folder on the Mac are you copying it, and what else is in this folder when you copy it? I hope also that Fusion is closed when you try to copy.
Another thing you can do: inside the Virtual Machine package there are two folders, Applications and appListCache. I always delete them before a copy/move and they will be recreated. The reason I do it is that I have seen copies fail until they were deleted, although generally it is one of the apps in the Applications folder within the Virtual Machine package that caused the problem.
VMware Fusion (menu bar) > Help > Search > type Package and then select Work with Virtual Machine Packages
-
Problem: After I do a backup using ghettoVCB to a local VMFS volume, I have a virtual machine that I can start if something happens to the one that is running. However, sometimes I just need a file from the OS level, which means that I would need to start it to get the file, but then I have an IP address conflict. I can't think of a way to have the NICs turned off and still be able to move the file. If I change the IP addresses, the software that I need to create the file that I need to transfer no longer works because, although there is no need for constant connectivity to the vendor, it is locked to the public IP address.
Hardware: I have two ESXi 4 hosts to work with, each with local VMFS volumes. They share a common private VLAN and a common public VLAN. They each have ssh, ftp, wput, wget, and rsync available. I have a Windows 2003 Server VM which also hosts NFS and the VI client and other VMware tools. It also has private and public interfaces, as do the virtual machines that would send and receive the OS files.
Question: How can I transfer a file from the operating system of a backup virtual machine to the running production VM?
Thank you!
Yes sir, make sure you set the network on this virtual machine to be connected to the 'Internal' vswitch you set up, before powering on the virtual machine.