
How to open port 22 on PIX 515 firewall


mtsch...@yahoo.com

Jun 8, 2006, 7:53:22 AM
I need to be able to connect to outside SFTP server using port 22.
How do I open port 22 on our PIX firewall?
Please keep it simple since I don't know much about PIX.

Thanks in advance - Mark

Lutz Donnerhacke

Jun 8, 2006, 8:16:10 AM
* mtsch...@yahoo.com wrote:
> I need to be able to connect to outside SFTP server using port 22.
> How do I open port 22 on our PIX firewall?

Using access-list and access-group.

But I fear you will run into much trouble, because SFTP is encrypted and
therefore can't be inspected by the PIX. So you have to allow nearly every TCP
stream between both servers.

> Please keep it simple since I don't know much about PIX.

There are good configuration guides on the Cisco website.

Newbie72

Jun 8, 2006, 8:19:58 AM

By default the PIX will allow outbound traffic from higher to
lower (inside network to outside network interfaces) to lower security
interfaces without having to do anything other than enabling NAT using
the global commands. Post your config so we can see what you already
have.

Steve

mtsch...@yahoo.com

Jun 8, 2006, 8:25:36 AM

Thanks for your reply - I need something more specific - I did look at
Cisco but didn't find anything I could use.

Mark

Lutz Donnerhacke

Jun 8, 2006, 8:38:46 AM
* mtsch...@yahoo.com wrote:

> Lutz Donnerhacke wrote:
>> There are good configuration guides on the Cisco website.
>
> Thanks for your reply - I need something more specific - I did look at
> Cisco but didn't find anything I could use.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/traffic.htm#wp1047858

SAto

Jun 8, 2006, 9:04:44 AM

Lutz Donnerhacke wrote:

> But I fear you will run into much trouble, because SFTP is encrypted and
> therefore can't be inspected by the PIX. So you have to allow nearly every TCP
> stream between both servers.

SFTP uses only port 22 as it is tunneled through SSH.
You may be thinking of FTPS which uses random ports.

SFTP should be pretty simple to set up using access list permitting tcp
port 22.

-SAto
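The access-list/access-group approach Lutz and SAto describe, as an added configuration example that is not from the thread or from Cisco's own documentation. It assumes PIX 7.x syntax, an inside network of 10.0.0.0/24 and an outside SFTP server at 203.0.113.10; both addresses and the list name inside_out are made-up placeholders.

```cisco
! Added example (constructed). PIX 7.x syntax; addresses are placeholders.
! Outbound NAT is normally already present (Steve's point); shown for completeness.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
!
! Permit the SFTP session: TCP/22 from the LAN to the one outside server only.
access-list inside_out extended permit tcp 10.0.0.0 255.255.255.0 host 203.0.113.10 eq 22
!
! Caveat: once an access-group is bound to "inside", the default
! higher-to-lower permit no longer applies and the implicit deny at the end
! of the list drops everything else. Re-permit what the LAN already relied on.
access-list inside_out extended permit udp 10.0.0.0 255.255.255.0 any eq 53
access-list inside_out extended permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list inside_out extended permit tcp 10.0.0.0 255.255.255.0 any eq 443
!
! Explicit final deny with logging so dropped flows are visible in syslog.
access-list inside_out extended deny ip any any log
!
! Bind the list to traffic entering the firewall on the inside interface.
access-group inside_out in interface inside
```

After a test connection, `show access-list inside_out` shows per-line hit counts, which confirms the TCP/22 entry is the one being matched rather than the final deny.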

J

Jun 8, 2006, 10:13:15 AM

Unfortunately marketing has bastardized the acronyms to the point of
being useless. He could be attempting to set up either of the two (SSL or
SSH). Knowing what actual application he plans on using would be of
great help here.

J

Lutz Donnerhacke

Jun 8, 2006, 10:49:02 AM
* SAto wrote:
> Lutz Donnerhacke wrote:
>> But I fear you will run into much trouble, because SFTP is encrypted and
>> therefore can't be inspected by the PIX. So you have to allow nearly every TCP
>> stream between both servers.
>
> SFTP uses only port 22 as it is tunneled through SSH.
> You may be thinking of FTPS which uses random ports.

Yep. I confused "SFTP", "FTPS" and "Secure-FTP". Sorry.
