Question

Cisco Pix 501 Static IP in out

Using Ubuntu 14.04
Router static IP 83.105.XXX.XXX > PIX > 172.16.3.4 PC
Using a second IP on a different ISP, 96.236.xxx.xxx, I am trying to SSH into 83.105.xxx.xxx, with no luck. Can anyone help, please?
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname rose
domain-name pix.rose.co.uk
fixup protocol dns maximum-length 1500
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list block_ports permit ip any any
access-list block_ports deny udp 172.16.3.0 255.255.255.0 any eq 3544
access-list block_ports deny udp 172.16.3.0 255.255.255.0 any eq 2001
access-list outside_in permit udp host 158.152.1.43 host 172.16.3.0 eq domain
access-list outside_in permit udp host 158.152.1.58 host 172.16.3.0 eq domain
#
access-list outside_in permit tcp any host 172.16.3.0 eq smtp
access-list outside_in permit udp any eq ntp host 172.16.3.4 eq ntp
access-list outside_in permit tcp host 92.236.xxx.xxx host 172.16.3.4 eq ftp
#
access-list outside_in permit tcp host 217.155.xxx.xxx host 172.16.3.4 eq 2200
access-list outside_in permit tcp host 82.70.xxx.xxx host 172.16.3.4 eq 2200
access-list outside_in permit tcp host 92.236.xxx.xxx host 172.16.3.4 eq 2200
#
access-list outside_in permit tcp host 82.70.xxx.xxx host 172.16.3.4 eq 3600
access-list outside_in permit tcp host 82.70.xxx.xxx host 172.16.3.4 eq 6300
access-list outside_in permit udp host 82.70.xxx.xxx host 172.16.3.4 eq 6301
access-list outside_in permit udp host 82.70.xxx.xxx host 172.16.3.4 eq 10091
#
no pager
logging on
logging timestamp
logging trap warnings
logging device-id ipaddress outside
logging host inside 172.16.3.40
icmp permit 172.16.3.0 255.255.255.0 echo-reply inside
mtu outside 1500
mtu inside 1500
ip address outside 83.105.xxx.xxx 255.255.255.248
ip address inside 172.16.3.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 83.105.xxx.xxx 172.16.3.4 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group block_ports in interface inside
route outside 0.0.0.0 0.0.0.0 83.105.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 178.23.121.164 source outside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 172.16.3.40 /backup.cfg
floodguard enable
telnet timeout 5
ssh 172.16.3.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
terminal width 80

Comments
- Collapse -
Answer
Nope. 172.16 is a private network.
- Collapse -
Nope. 172.16 is a private network

Good afternoon. Thanks for coming back to my problem.

I use the 172.16 network as the inside network. Is this not allowed?
Port 2200 is the ssh port...

Thank you from Alan

- Collapse -
So where is it declared that ssh is on 2200?

I see some allow but nothing like fixup protocol rsh 514 for ssh.

Again, I'm not deep into Cisco scripts. I've fixed a few but I'm just a programmer and electronics designer that happened to write router code in the 90's. Not CCNA, never intended to go there as Cisco has their own plans.

- Collapse -
So where is it declared that ssh is on 2200?

Sorry, I was not aware it had to be fixup.
There are so many ways of writing these scripts; mine is static in and out, with an access list,
but it is not working, lol. Failed again.

All the best from Alan

- Collapse -
Remember I have only helped others with this.

There could be other issues such as an ISP dropping SSH or other firewall issues. Try other than SSH to see if anything makes it through to this machine from the internet.

- Collapse -
SSH From other ISP

OK, I used Demon, which has 8 IPs, to go out on one IP and back on another IP into the PIX,
which keeps the traffic inside the router, and still nothing...
All the best from Alan

- Collapse -
Then back to Cisco

To see what they think. My view is that it's too likely the drop is somewhere else or your code is still incorrect.
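
Added example, not part of the thread and not any poster's or Cisco's code: a small Python first-match evaluator for `access-list` lines written in the style of the posted config. It goes beyond what the replies discuss and checks two things visible in that config: entries placed after `permit ip any any` in `block_ports`, and what `outside_in` does with a packet as it arrives on the outside interface, where PIX 6.3 evaluates the ACL while the destination is still the public address. Assumptions: the addresses are constructed stand-ins from documentation ranges (198.51.100.10 for the masked 83.105.xxx.xxx, 203.0.113.5 for a permitted host, 192.0.2.77 for the SSH client), and all function names are hypothetical.

```python
import ipaddress

PORTS = {"domain": 53, "smtp": 25, "ntp": 123, "ftp": 21}  # names used in the posted ACLs

def _addr(tok):  # consume 'any', 'host A' or 'NET MASK'; return (network, remaining tokens)
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _port(tok):  # consume an optional 'eq PORT'; None means any port
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    _, name, action, proto, *rest = line.split()
    src, rest = _addr(rest)
    _, rest = _port(rest)  # source port is skipped, not evaluated, in this example
    dst, rest = _addr(rest)
    dport, _ = _port(rest)
    return dict(name=name, action=action, proto=proto, src=src, dst=dst, dport=dport, line=line)

def first_match(acl, name, proto, src, dst, dport):
    """Return (action, line) of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if (e["name"] == name and e["proto"] in ("ip", proto) and s in e["src"]
                and d in e["dst"] and e["dport"] in (None, dport)):
            return e["action"], e["line"]
    return "deny", "implicit deny"

def shadowed(acl, name):
    """Entries that can never match because an earlier entry already covers them."""
    seen, out = [], []
    for e in (x for x in acl if x["name"] == name):
        if any(p["proto"] in ("ip", e["proto"]) and e["src"].subnet_of(p["src"])
               and e["dst"].subnet_of(p["dst"]) and p["dport"] in (None, e["dport"])
               for p in seen):
            out.append(e["line"])
        seen.append(e)
    return out

# Constructed sample mirroring the posted config's structure; addresses are stand-ins.
CONFIG = """access-list block_ports permit ip any any
access-list block_ports deny udp 172.16.3.0 255.255.255.0 any eq 3544
access-list outside_in permit tcp host 203.0.113.5 host 172.16.3.4 eq 2200"""
ACL = [parse(l) for l in CONFIG.splitlines()]
```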
