You can also do "ca zeroize rsa" to clear the key then do "ca gen rsa key 512" to generate a new one. Just make sure your souce IP your connecting from is correct. Try turning on debug like "debug crypto ipsec|isakmp|ca" to determine what is being rejected.
-Jake -----Original Message----- From: Hansraj Patil [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 1:24 PM To: [EMAIL PROTECTED] Subject: RE: PIX 6.1(1) SSH to outside [7:26502] Maybe be PIX might have lost the RSA key. Regenerate the RSA key, do write mem & see if it works. I have seen the problem where PIX used to loose RSA key every time I reboot the PIX. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Russell Lusignan Sent: Friday, November 16, 2001 10:28 AM To: [EMAIL PROTECTED] Subject: Re: PIX 6.1(1) SSH to outside [7:26502] 0.0.0.0 0.0.0.0 specifies all ... but I have done x.x.x.x 255.255.255.255 outside and it still doesn't work. ""Hansraj Patil"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Don't to have specify client IP address in ssh command...? > > ssh (IP address & netmask) oustside > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Russell Lusignan > Sent: Friday, November 16, 2001 9:46 AM > To: [EMAIL PROTECTED] > Subject: Re: PIX 6.1(1) SSH to outside [7:26502] > > > Yup, hostname and domain are configured, and show ca mypubkey shows > the key, > sorry, should have included that in the original post. Let me know if > you have any other ideas :) > > -Russ > > > ""Patrick Bass"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > did you configure a hostname and a domain-name? > > do a "show ca mypubkey rsa" from config mode to verify you have a > > key also reissue "ssh 0 0 outside" > > > > if it doesn't work, pls post config > > > > ""Russell Lusignan"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hey group, > > > > > > I have a PIX 525 in failover that I am trying to get SSH enabled > > > on. I > > have > > > done: > > > > > > password > > > ca generate rsa key 1024 > > > ssh outside > > > ca save all > > > > > > SSH doesn't respond in any way to my client (tried several). > > > Debug SSH > > > shows nothing, and Debug IP packet shows my client IP trying to > establish > > a > > > session on port 22 with the PIX, yet the PIX doesn't respond. The 525s > > are > > > working correctly (passing traffic etc.. ) > > > > > > Another set of 525's SSH config work fine, can't think of what I > > > am > > missing > > > here. > > > > > > Anyone have any ideas? > > > > > > -Russ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26527&t=26502 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
