
Access SSH via updated port number


blinton25

Programmer
Mar 20, 2004
104
BB
Hello,

I changed the default port number for SSH for a Linux machine to 2050, but I can't create the appropriate static for it; I keep getting an error which states that my command is incorrect.

Could you peruse my config file and confirm that what I have is correct?



PC1# write terminal
Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password s encrypted
passwd a encrypted
hostname PC1
domain-name mysite.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit tcp any host 207.x.x.51 eq domain log
access-list 101 permit udp any host 207.x.x.51 eq domain log
access-list 101 permit tcp any host 207.x.x.51 eq
access-list 101 permit icmp any any echo-reply log
access-list 101 permit icmp any any echo log
access-list sshin permit tcp any host 207.x.x.51 eq 2050
pager lines 24
logging on
logging timestamp
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 207.x.x.50 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.3 255.255.255.255 inside
pdm location 192.168.1.4 255.255.255.255 inside
pdm location 192.168.1.6 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 207.x.x.51 domain 192.168.1.3 domain netmask 255.255.255.255 0 0
static (inside,outside) udp 207.x.x.51 domain 192.168.1.3 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp 207.x.x.51 255.255.255.255 0 0
static (inside,outside) tcp 207.x.x.52 domain 192.168.1.4 domain netmask 255.255.255.255 0 0
static (inside,outside) udp 207.x.x.52 domain 192.168.1.4 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp 207.x.x.52 255.255.255.255 0 0
static (inside,outside) tcp 207.x.x.53 domain 192.168.1.6 domain netmask 255.255.255.255 0 0
static (inside,outside) udp 207.x.x.53 domain 192.168.1.6 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp 207.x.x.53 255.255.255.255 0 0
static (inside,outside) 207.x.x.51 192.168.1.3 netmask 255.255.255.255 0 0
static (inside,outside) 207.x.x.52 192.168.1.4 netmask 255.255.255.255 0 0
static (inside,outside) 207.x.x.53 192.168.1.6 netmask 255.255.255.255 0 0
access-group sshin in interface outside
route outside 0.0.0.0 0.0.0.0 200.50.92.193 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.32 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:4859eba3792223084d62bf67bf0fffd7
: end
[OK]
 
Hello,

From the documentation in the PIX manual, I did the following:


access-list ssh1 permit tcp any host 207.x.x.51 eq 2050
access-group ssh1 in interface outside

Now I can access the machine.
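
An added example, not part of the original thread: the posted configuration defines access-list 101 but binds only sshin to the outside interface, so this Python sketch audits which ACL an interface actually enforces and which defined ACLs are applied nowhere. The function names, regexes and simplified rule matcher are assumptions for illustration, and the sample config is constructed from lines in the post.

```python
import re

# Constructed sample: ACL and access-group lines in the style of the PIX 6.3
# config posted above (addresses keep the thread's 207.x.x.51 masking).
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 207.x.x.51 eq domain log
access-list 101 permit udp any host 207.x.x.51 eq domain log
access-list 101 permit icmp any any echo-reply log
access-list sshin permit tcp any host 207.x.x.51 eq 2050
access-group sshin in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def parse_config(text):
    """Collect ACL entries by name and the ACL bound inbound on each interface."""
    acls, bound = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := ACL_RE.match(line):
            name, action, proto, rest = m.groups()
            acls.setdefault(name, []).append((action, proto, rest.split()))
        elif m := GROUP_RE.match(line):
            # Assumption: one inbound ACL per interface; a later binding replaces it.
            bound[m.group(2)] = m.group(1)
    return acls, bound


def unbound_acls(acls, bound):
    """ACLs that are defined but filter nothing because no access-group uses them."""
    return sorted(set(acls) - set(bound.values()))


def inbound_action(acls, bound, iface, proto, dest, port):
    """First-match verdict for 'any -> host dest eq port'; implicit deny otherwise."""
    # Simplification: only entries shaped 'any host <dest> eq <port>' are matched.
    for action, acl_proto, tok in acls.get(bound.get(iface), []):
        if acl_proto == proto and tok[:5] == ["any", "host", dest, "eq", port]:
            return action
    return "deny"


if __name__ == "__main__":
    acls, bound = parse_config(SAMPLE_CONFIG)
    print("bound:", bound, "unbound:", unbound_acls(acls, bound))
    print("tcp/2050:", inbound_action(acls, bound, "outside", "tcp", "207.x.x.51", "2050"))
```

Run against a saved configuration, a non-empty `unbound_acls` result points at rules an administrator may believe are filtering traffic when they are not.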
 