Setting up outside SSH on a DHCP interface

I am working on setting up an external SSH connection to my PIX 501; however, I was told that because my outside interface is set as DHCP it wouldn't work. I think there may be an ability to create an alias for that interface that references the real IP address. Anyone have any insight on this? At this point I have no conf set up for this since I was told that it wouldn't work.

tehlotus

SSH is not bound to an IP, it is bound to an interface. It does not matter if you are using DHCP or have a static. Do you know for a fact that your IP actually changes? Some ISPs, such as the one I have at home, provide you the same IP via DHCP. I'm on DHCP here and have had the same IP for about 4 years now. Only time it changes is if I put in a different device to terminate the circuit.

If your IP does in fact change on a regular basis, you can use small programs installed on PCs within your LAN to go to sites such as dyndns or no-ip to automatically update your DNS so you can use a name.

Setup of SSH on the Pix (assuming ver 6.X on your 501) is very easy.

1. config your pix as you normally would
2. make sure you have a domain name configured on the pix
3. ca generate rsa key 1024
4. ca save all (wr mem does not save the keys)
5. ssh x.x.x.x x.x.x.x outside (replace the x's with where you want to allow SSH from, use 0.0.0.0 0.0.0.0 for anywhere)

Your SSH is now enabled on the outside interface using a username of Pix and the password is your enable one. You can further enhance your security by configuring AAA for authentication.

-Brian

Brian V
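
As an added example (not part of the original posts and not a Cisco tool), here is a small Python check over a saved PIX 6.x configuration that flags the points the setup steps above touch: a missing domain name, an `ssh 0.0.0.0 0.0.0.0 outside` rule, and no AAA for SSH. The sample configuration is constructed, and the `domain-name` and `aaa authentication ssh console` line forms and the /24 width threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname pixfirewall
domain-name example.com
ip address outside dhcp setroute
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""

# Matches "ssh <ip> <mask> <interface>"; "ssh timeout N" does not match.
SSH_RULE = re.compile(
    r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit_pix_ssh(config_text, external_ifs=("outside",), min_prefix=24):
    """Return findings about SSH exposure in a PIX-style config.

    min_prefix is an assumed threshold: source ranges wider than this
    on an external interface are reported.
    """
    findings = []
    lines = [ln.strip() for ln in config_text.splitlines()]
    if not any(ln.startswith("domain-name ") for ln in lines):
        findings.append("no domain-name configured (needed before key generation)")
    if not any(ln.startswith("aaa authentication ssh console") for ln in lines):
        findings.append("no AAA authentication configured for SSH")
    for ln in lines:
        m = SSH_RULE.match(ln)
        if not m or m.group(3) not in external_ifs:
            continue
        addr, mask, ifname = m.groups()
        try:
            # strict=False tolerates host bits set in the address
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable SSH rule: {ln}")
            continue
        if net.prefixlen == 0:
            findings.append(f"SSH on {ifname} allowed from anywhere: {ln}")
        elif net.prefixlen < min_prefix:
            findings.append(f"SSH on {ifname} allowed from wide range {net}: {ln}")
    return findings
```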

DUH, I was told by someone who I had looked up to for a while on PIX and he said it couldn't be done. He said that I would need to configure interface 0 with a static IP before SSH could be used from the outside.

My ISP is the same way, pretty much gives out a new assignment based on the MAC. I've had the same one for years on my old router and the PIX received a new one. All in all I obtained what I was looking for, thank you Brian for your insight and help.

tehlotus
