bin_asc, posted August 15, 2007:

Socket Connection Failed (Connection timed out - 110)

Ok, this would have been easy to fix, open ports, and that's that. But it's not working. I have a Cisco PIX firewall, and I just can't make it work. I can't use the WHM Import Tool.

bin_asc (Author), posted August 15, 2007:

No replies... anyone any ideas?

trine, posted August 16, 2007:

Which PIX? And are you running it as NAT? Feel free to post your fixup protocols here or your complete config. In your fixups you should have 2086 and 2087 allowed.

bin_asc (Author), posted August 16, 2007:

I can't SSH into the PIX for some reason. I tried to do it, but it will just deny my user.

bin_asc (Author), posted August 16, 2007:

I'm using the GUI interface. And it's a Cisco PIX 501.

trine, posted August 16, 2007:

Dump the config, and post it here. For SSH, you need to make sure the port is open and generate an RSA key... or open the PDM. Example:

```
ssh your.external.ip 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh your.internal.network.address your.network.mask inside
```

bin_asc (Author), posted August 16, 2007:

Does that open SSH for the PIX or for my box's IP?

bin_asc (Author), posted August 16, 2007:

```
Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
passwd xxxxx encrypted
hostname pixfirewall
domain-name xxxxxxxxxxxx
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any any eq ftp-data
access-list outside_access_in permit tcp any any eq ftp
access-list outside_access_in permit tcp any any eq ssh
access-list outside_access_in permit tcp any any eq 42
access-list outside_access_in permit udp any any eq nameserver
access-list outside_access_in permit tcp any any eq domain
access-list outside_access_in permit udp any any eq domain
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in permit tcp any any eq pop3
access-list outside_access_in permit tcp any any eq https
access-list outside_access_in permit tcp any any eq 465
access-list outside_access_in permit tcp any any eq 587
access-list outside_access_in permit tcp any any eq 995
access-list outside_access_in permit tcp any any eq 993
access-list outside_access_in permit tcp any any eq 3389
access-list outside_access_in permit tcp any any eq 8443
access-list outside_access_in permit tcp any any eq 9999
access-list outside_access_in permit tcp any any eq 2086
access-list outside_access_in permit tcp any any eq 2087
access-list outside_access_in permit tcp any any eq 2082
access-list outside_access_in permit tcp any any eq 2083
access-list outside_access_in permit tcp any any eq 2096
access-list outside_access_in permit tcp any any eq 2095
access-list outside_access_in deny tcp any any eq telnet
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in deny tcp any any eq imap4
access-list outside_access_in deny tcp any any eq 1433
access-list outside_access_in deny tcp any any eq 3306
access-list outside_access_in deny tcp any any eq 9080
access-list outside_access_in deny tcp any any eq 9090
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any source-quench
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
access-list outside_access_in permit tcp any any eq 7080
access-list outside_access_in permit tcp any any eq 2080
access-list outside_access_in permit tcp any any eq 55555
access-list outside_access_in permit tcp any any eq 125
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside pix.ip 255.255.255.0
ip address inside 10.0.0.254 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.0.1 255.255.255.255 inside
pdm location external.ip1 255.255.255.255 outside
pdm location 10.0.0.1 255.255.255.255 outside
pdm location 10.0.0.2 255.255.255.255 inside
pdm location external.ip2 255.255.255.255 outside
pdm history enable
arp timeout 14400
static (outside,inside) 10.0.0.1 external.ip1 dns netmask 255.255.255.255 0 0
static (inside,outside) external.ip1 10.0.0.1 dns netmask 255.255.255.255 0 0
static (outside,inside) 10.0.0.2 external.ip2 dns netmask 255.255.255.255 0 0
static (inside,outside) external.ip2 10.0.0.2 dns netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 208.109.90.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh my.ip 255.255.255.255 outside
ssh timeout 5
management-access outside
console timeout 0
username xxxxxxxx password xxxx encrypted privilege 15
terminal width 80
Cryptochecksum:xxxxxxxxx
: end
[OK]
```

That's it

trine, posted August 17, 2007:

> Does that open SSH for the PIX or for my box's IP?

Yes, normally it should.
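
Added example (not part of any post in this thread): a small Python check that separates the two kinds of rule in a PIX 6.3 config like the one posted, the `ssh`/`http` lines that control management access to the firewall itself and the `access-list` entries bound by `access-group` that control traffic passing through it to inside hosts. The sample config is constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt in PIX 6.3 syntax, modelled on the posted config.
# 192.0.2.10 is a documentation address (RFC 5737), not a value from the thread.
SAMPLE = """\
access-list outside_access_in permit tcp any any eq ssh
access-list outside_access_in permit tcp any any eq 2086
access-list outside_access_in permit tcp any any eq 2087
access-list outside_access_in deny tcp any any eq 3306
access-group outside_access_in in interface outside
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.10 255.255.255.255 outside
ssh timeout 5
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL = re.compile(r"^access-list (\S+) (permit|deny) (tcp|udp) any any eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
MGMT = re.compile(rf"^(ssh|http|telnet) {IP} {IP} (\S+)$")

def classify(config):
    """Return (ACL entries by name, ACL bound per interface, management rules)."""
    acls, bound, mgmt = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4]))
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]
        elif m := MGMT.match(line):  # "ssh timeout 5" has no address, so it is skipped
            mgmt.append((m[1], m[2], m[3], m[4]))
    return acls, bound, mgmt

def inbound_verdict(config, proto, port, interface="outside"):
    """Traffic THROUGH the PIX: first matching entry wins, otherwise implicit deny.
    Ports are compared as written in the config ("ssh", "2086")."""
    acls, bound, _ = classify(config)
    for action, p, prt in acls.get(bound.get(interface), []):
        if (p, prt) == (proto, port):
            return action
    return "deny"

def open_management(config, interface="outside"):
    """Access TO the PIX itself: services whose allowed source is any address."""
    _, _, mgmt = classify(config)
    return sorted({svc for svc, _, mask, ifc in mgmt
                   if ifc == interface and mask == "0.0.0.0"})
```

On the constructed sample, `inbound_verdict(SAMPLE, "tcp", "2086")` reports the WHM port as permitted through the firewall, while `open_management(SAMPLE)` lists the management services on the PIX that accept connections from any outside address.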