
Configuring ASA to allow for SFTP (tcp-22) access to external server

amvita
Level 1

I need to configure an ASA5505 (SW 7.2(2)) to allow for SFTP (tcp-22) access to an external server. All internal clients use a dynamic NAT/PAT to a single external address (outside interface). Below is the error I see on the ASA:

2 Sep 27 2007 20:54:32 106001 <SFTP-Server-Address> <ASA-outside-interface(NAT)-Address> Inbound TCP connection denied from <SFTP-Server-Address>/22 to <ASA-outside-interface(NAT)-Address>/1321 flags FIN ACK on interface outside

The ASA currently just has the default Security policy on it. Can anyone assist with this config?

2 Replies

jsivulka
Level 5

In order to allow outbound SFTP traffic (TCP port 22) please add the following line:

access-list outbound permit tcp any any eq 22

This solution doesn't work for me.

ASA5505

access-list outbound permit tcp any any eq 22
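
For triaging 106001 lines like the one in the question, here is an added example (not part of the original thread or from any poster). It parses ASDM-style 106001 lines and separates a new inbound SYN from segments coming back from the server's port 22 toward a client's translated port. The sample lines use constructed documentation addresses, and the function and category names are assumptions of this example.

```python
import re

# Text portion of an ASA 106001 message, as shown in the question.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst>\S+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<ifc>\S+)"
)

def parse_106001(line):
    """Return a dict of fields from a 106001 line, or None if it does not match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = set(rec["flags"].split())
    return rec

def classify(rec, service_port=22):
    """Label a denied segment (labels are this example's own, not Cisco's)."""
    flags = rec["flags"]
    if "SYN" in flags and "ACK" not in flags:
        # A bare SYN is someone outside trying to open a new connection.
        return "new-inbound-attempt"
    if rec["sport"] == service_port and rec["dport"] >= 1024:
        # Server port -> client high port: reply traffic that matched no
        # connection entry. With FIN/RST it typically arrived after the ASA
        # had already removed the entry for an outbound session.
        if flags & {"FIN", "RST"}:
            return "late-teardown-of-outbound-session"
        return "return-traffic-without-conn-entry"
    return "other"

def triage(lines, service_port=22):
    """Classify every parseable 106001 line; unparseable lines are skipped."""
    recs = (parse_106001(l) for l in lines)
    return [classify(r, service_port) for r in recs if r is not None]

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LINES = [
    "2 Sep 27 2007 20:54:32 106001 203.0.113.10 198.51.100.2 Inbound TCP connection denied from 203.0.113.10/22 to 198.51.100.2/1321 flags FIN ACK on interface outside",
    "2 Sep 27 2007 20:55:01 106001 203.0.113.77 198.51.100.2 Inbound TCP connection denied from 203.0.113.77/40512 to 198.51.100.2/22 flags SYN on interface outside",
    "2 Sep 27 2007 20:55:09 106001 203.0.113.10 198.51.100.2 Inbound TCP connection denied from 203.0.113.10/22 to 198.51.100.2/1322 flags SYN ACK on interface outside",
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LINES, triage(SAMPLE_LINES)):
        print(verdict, "<-", line.split("Inbound", 1)[1].strip())
```
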

 
