How to open port 22 on PIX 515 firewall

Discussion in 'Cisco' started by mtschindler@yahoo.com, Jun 8, 2006.

  1. Guest

    I need to be able to connect to outside SFTP server using port 22.
    How do I open port 22 on our PIX firewall?
    Please keep it simple since I don't know much about PIX.

    Thanks in advance - Mark
     
    , Jun 8, 2006
    #1

  2. * wrote:
    > I need to be able to connect to outside SFTP server using port 22.
    > How do I open port 22 on our PIX firewall?


    Using access-list and access-group.

    But I fear you will run into much trouble, because SFTP is encrypted and
    therefore can't be inspected by the PIX. So you have to allow nearly every TCP
    stream between both servers.

    > Please keep it simple since I don't know much about PIX.


    There are good configuration guides on the Cisco website.
     
    Lutz Donnerhacke, Jun 8, 2006
    #2

  3. Newbie72 Guest

    wrote:
    > I need to be able to connect to outside SFTP server using port 22.
    > How do I open port 22 on our PIX firewall?
    > Please keep it simple since I don't know much about PIX.
    >
    > Thanks in advance - Mark


    By default the PIX will allow outbound traffic from higher to lower
    security interfaces (inside network to outside network) without having to
    do anything other than enabling NAT using the global commands. Post your
    config so we can see what you already have.

    Steve
     
    Newbie72, Jun 8, 2006
    #3
  4. Guest

    Lutz Donnerhacke wrote:
    > * wrote:
    > > I need to be able to connect to outside SFTP server using port 22.
    > > How do I open port 22 on our PIX firewall?

    >
    > Using access-list and access-group.
    >
    > But I fear you will run into much trouble, because SFTP is encrypted and
    > therefore can't be inspected by the PIX. So you have to allow nearly every TCP
    > stream between both servers.
    >
    > > Please keep it simple since I don't know much about PIX.

    >
    > There are good configuration guides on the Cisco website.


    Thanks for your reply - I need something more specific - I did look at
    cisco but didn't find anything I could use.

    Mark
     
    , Jun 8, 2006
    #4
  5. Lutz Donnerhacke, Jun 8, 2006
    #5
  6. SAto Guest

    Lutz Donnerhacke wrote:
    > But I fear you will run into much trouble, because SFTP is encrypted and
    > therefore can't be inspected by the PIX. So you have to allow nearly every TCP
    > stream between both servers.


    SFTP uses only port 22 as it is tunneled through SSH.
    You may be thinking of FTPS which uses random ports.

    SFTP should be pretty simple to set up using access list permitting tcp
    port 22.

    -SAto
     
    SAto, Jun 8, 2006
    #6
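    A minimal PIX 6.x-style configuration that does what posts #2, #3 and #6 describe (enable NAT, then permit only tcp/22 outbound to the SFTP server), added here as an illustration; it is not from any poster and not the original poster's config, which was never shown. The LAN range 10.0.0.0/24, the server address 203.0.113.10 and the ACL name `sftp-out` are constructed placeholders.

    ```text
    ! Added example (not from the thread). Addresses and the ACL name are placeholders.
    ! 1. NAT/PAT for inside hosts: required for any inside-to-outside flow (post #3).
    nat (inside) 1 10.0.0.0 255.255.255.0
    global (outside) 1 interface
    ! 2. Outbound policy: allow SSH/SFTP (tcp/22) from the LAN to the one SFTP server only.
    !    Binding an access-group to "inside" replaces the default "higher-to-lower security
    !    is allowed" behaviour with this explicit list, so anything else the LAN needs
    !    outbound (DNS, HTTP, ...) must get its own permit line before this is applied.
    access-list sftp-out permit tcp 10.0.0.0 255.255.255.0 host 203.0.113.10 eq 22
    ! 3. Explicit final deny with "log" so blocked attempts show up in syslog (the deny
    !    is implicit anyway; the log keyword makes it visible for troubleshooting).
    access-list sftp-out deny ip any any log
    access-group sftp-out in interface inside
    ```

    Check it with `show access-list sftp-out`: the hit counts on the permit line should increase as the SFTP client connects, and hits on the deny line point to other traffic that still needs a rule.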
  7. J Guest

    SAto wrote:
    > Lutz Donnerhacke wrote:
    > > But I fear you will run into much trouble, because SFTP is encrypted and
    > > therefore can't be inspected by the PIX. So you have to allow nearly every TCP
    > > stream between both servers.

    >
    > SFTP uses only port 22 as it is tunneled through SSH.
    > You may be thinking of FTPS which uses random ports.
    >
    > SFTP should be pretty simple to set up using access list permitting tcp
    > port 22.
    >
    > -SAto


    Unfortunately marketing has bastardized the acronyms to the point of
    being useless. He could be attempting to set up either of the two (SSL or
    SSH). Knowing what actual application he plans on using would be of
    great help here.

    J
     
    J, Jun 8, 2006
    #7
  8. * SAto wrote:
    > Lutz Donnerhacke wrote:
    >> But I fear you will run into much trouble, because SFTP is encrypted and
    >> therefore can't be inspected by the PIX. So you have to allow nearly every TCP
    >> stream between both servers.

    >
    > SFTP uses only port 22 as it is tunneled through SSH.
    > You may be thinking of FTPS which uses random ports.


    Yep. I confused "SFTP", "FTPS" and "Secure-FTP". Sorry.
     
    Lutz Donnerhacke, Jun 8, 2006
    #8
  9. keshav

    SFTP is the same as secure FTP, which uses either TCP 22 or, in some cases of an sftp service installed on a Unix OS, TCP 115.

    Either case you need to allow this port to go out through the pix.

    For the correct commands, let me know your present config so that I can post the commands for you.
     
    keshav, Jun 25, 2006
    #9