Simple ADSL Router with PIX

Discussion in 'Cisco' started by Gary, Nov 26, 2005.

  1. Gary

    Gary Guest

    I have an ADSL router and behind this a PIX. I want to be able to SSH to the
    PIX from an external source.

    I can telnet to the public IP of the router fine.

    Looks like this.
    ADSL Router is simple.
    ================
    interface ATM0/0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0/0
    ip address 10.16.16.3 255.255.255.0
    ip nat inside
    !This is the inside interface handing off to the PIX
    duplex auto
    speed auto

    interface Dialer0
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer persistent
    dialer-group 1
    ppp authentication chap callin
    ppp chap hostname whatever
    ppp chap password 0 whatever
    ppp multilink
    !
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 10.16.16.10 22 212.2.2.50 22 extendable

    ip route 0.0.0.0 0.0.0.0 Dialer0
    access-list 1 permit 10.16.16.0 0.0.0.255


    Pix is Simple.
    ==========
    PIX Version 7.0(1)
    names
    !
    interface Ethernet0
    nameif outside
    security-level 0
    ip address 10.16.16.10 255.255.255.0
    !
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 10.17.16.1 255.255.255.0

    access-group Outside-In in interface outside
    route outside 0.0.0.0 0.0.0.0 10.16.16.1 1

    ssh <My Ip Address> 255.255.255.255 outside

    I have also generated the RSA key using
    crypto key gen rsa modulus 1024




    The router looks OK.
    show ip nat trans : gives
    ADSLRtr#show ip nat trans
    Pro Inside global                  Inside local    Outside local         Outside global
    tcp <Routers Public Address>:22    10.16.16.10:22  <My IP Address>:1520  <My IP Address>:1520
    tcp <Routers Public Address>:22    10.16.16.10:22  ---                   ---

    Now the PIX does not even see the connection, but my NAT on the router should
    be sending SSH packets through to it on port 22 and IP 10.16.16.10.

    Also, from the PIX I can ping the ADSL router but no farther?
    The router can ping everything fine.

    Any pointers please.

    G
    Gary, Nov 26, 2005
    #1

  2. Gary

    Gary Guest

    "Gary" <> wrote in message
    news:za6if.14488$Mi5.6744@dukeread07...
    >I have an ADSL router and behind this a PIX. I want to be able to SSH to
    >the pix from an external source.
    >
    > I can telnet to the public IP of the router fine.
    >
    > Looks like this.
    > ADSL Router is simple.
    > ================
    > interface ATM0/0
    > no ip address
    > no atm ilmi-keepalive
    > dsl operating-mode auto
    > pvc 0/38
    > encapsulation aal5mux ppp dialer
    > dialer pool-member 1
    > !
    > !
    > interface FastEthernet0/0
    > ip address 10.16.16.3 255.255.255.0
    > ip nat inside
    > !This is the inside interface handing off to the PIX
    > duplex auto
    > speed auto
    >
    > interface Dialer0
    > ip address negotiated
    > ip nat outside
    > encapsulation ppp
    > dialer pool 1
    > dialer persistent
    > dialer-group 1
    > ppp authentication chap callin
    > ppp chap hostname whatever
    > ppp chap password 0 whatever
    > ppp multilink
    > !
    > ip nat inside source list 1 interface Dialer0 overload
    > ip nat inside source static tcp 10.16.16.10 22 212.2.2.50 22 extendable
    >
    > ip route 0.0.0.0 0.0.0.0 Dialer0
    > access-list 1 permit 10.16.16.0 0.0.0.255
    >
    >
    > Pix is Simple.
    > ==========
    > PIX Version 7.0(1)
    > names
    > !
    > interface Ethernet0
    > nameif outside
    > security-level 0
    > ip address 10.16.16.10 255.255.255.0
    > !
    > interface Ethernet1
    > nameif inside
    > security-level 100
    > ip address 10.17.16.1 255.255.255.0
    >
    > access-group Outside-In in interface outside
    > route outside 0.0.0.0 0.0.0.0 10.16.16.1 1
    >
    > ssh <My Ip Address> 255.255.255.255 outside
    >
    > I have also generated the rsa key using
    > crypto key gen rsa modulus 1024
    >
    >
    >
    >
    > The router looks OK.
    > show ip nat trans : gives
    > ADSLRtr#show ip nat trans
    > Pro Inside global                  Inside local    Outside local         Outside global
    > tcp <Routers Public Address>:22    10.16.16.10:22  <My IP Address>:1520  <My IP Address>:1520
    > tcp <Routers Public Address>:22    10.16.16.10:22  ---                   ---
    >
    > Now the PIX does not even see the connection but my NAT on the router
    > should be sending SSH packets through to it on port 22 and IP 10.16.16.10
    >
    > Also From the PIX I can ping the ADSL router but no farther?
    > The router can ping everything fine.
    >
    > Any pointers please.
    >
    > G

    Did not think it relevant but had standby groups on the inside interfaces as
    there are 2 routers for failover.
    They looked like this.
    interface FastEthernet0/0
    ip address 10.16.16.3 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    standby 1 ip 10.16.16.1
    standby 1 priority 80
    standby 1 preempt

    When I removed the standby group and changed the IP address of this inside
    interface to be 10.16.16.1 it worked straight away!


    Grrr...

    Bug? oversight? Error?

    Gary
    Gary, Nov 26, 2005
    #2
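
An added example, not part of the original posts: a Python check that relates the PIX default route and the router's static NAT entry to the addresses the router configuration defines. The config excerpts are constructed from the configurations posted above, and the function names are hypothetical. On the posted setup it reports that the PIX next hop 10.16.16.1 is the HSRP virtual address rather than an interface address, which is the difference between the failing and the working setup described in post #2.

```python
import ipaddress
import re

# Constructed excerpts, reduced from the configurations posted in this thread.
ROUTER_CFG = """\
interface FastEthernet0/0
 ip address 10.16.16.3 255.255.255.0
 ip nat inside
 standby 1 ip 10.16.16.1
 standby 1 priority 80
!
ip nat inside source static tcp 10.16.16.10 22 212.2.2.50 22 extendable
"""
PIX_CFG = """\
interface Ethernet0
 nameif outside
 ip address 10.16.16.10 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.16.16.1 1
"""

def router_addresses(cfg):
    """Map each IP the router answers for to (interface, kind)."""
    found, iface = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"\s*ip address (\d\S+) \d\S+", line):
            found[m.group(1)] = (iface, "interface")
        elif m := re.match(r"\s*standby \d+ ip (\d\S+)", line):
            found[m.group(1)] = (iface, "hsrp-virtual")
    return found

def check_path(router_cfg, pix_cfg):
    """Relate the PIX default gateway and the SSH NAT target to router addresses."""
    addrs = router_addresses(router_cfg)
    gw = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", pix_cfg, re.M).group(1)
    ip, mask = re.search(r"^\s*ip address (\S+) (\S+)", pix_cfg, re.M).groups()
    pix_if = ipaddress.ip_interface(f"{ip}/{mask}")
    nat_target = re.search(r"source static tcp (\S+) 22 ", router_cfg).group(1)
    return {
        "gateway": gw,
        "gateway_kind": addrs.get(gw, (None, "not-on-router"))[1],
        "gateway_on_link": ipaddress.ip_address(gw) in pix_if.network,
        "nat_target_is_pix": nat_target == ip,
    }
```

Calling `check_path(ROUTER_CFG, PIX_CFG)` returns a dictionary; a `gateway_kind` of `hsrp-virtual` or `not-on-router` is the case to look at when the firewall can reach the router but nothing beyond it.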