Port Forwarding

Answered Question
Apr 30th, 2007
User Badges:

I need to allow a vendor to get ssh access to a device on my inside network. Of course I want to limit where the ssh is coming from and going to. Do the lines below look sufficient?


access-list acl_out permit tcp host outside.vendor.ip host my.outside.ip eq ssh


static (inside,outside) tcp my.outside.ip ssh my.internal.ip ssh netmask 255.255.255.255 0 0


Correct Answer by acomiskey about 10 years 1 month ago

Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Mon, 04/30/2007 - 12:06
User Badges:
  • Green, 3000 points or more

Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".

Actions

This Discussion