How to allow SSH to a server from outside across an ASA firewall.

Unanswered Question
Oct 24th, 2008

I have NATted an internal server to a public address and allowed all IP from a source external public IP address to allow it SSH to the NATted internal server. I'm using an ASA firewall. I have configured all the rules on both the outside and inside interface. I am able to telnet to port 80 but I can't SSH to it from the internet. Locally on my LAN both protocols work to the server. Kindly assist.

ajagadee (Cisco Employee) Fri, 10/24/2008 - 06:41

Hi,


Have you permitted TCP Port 22 in your Access-Lists? Example:


access-list INBOUND extended permit tcp any host x.x.x.x eq ssh


If you have already permitted the TCP Port 22 in the ACL, do you see any logs on the ASA when SSH does not work?


Regards,

Arul


*Pls rate if it helps*


wwanjohi123 Fri, 10/24/2008 - 07:47

I have applied as above, but cannot get any activity/events on the real time log.

When I try to SSH from external it is still timing out.


Are there any special configs I need to do to allow SSH traffic?


I have permitted all IP and I can get ICMP echo reply, even www.

However, SSH does not appear in the list of inspection protocols... help!


ajagadee (Cisco Employee) Fri, 10/24/2008 - 07:56

Hi,


If you have already configured NAT for the server and permitted TCP Port 22, I would check

1. ACL on inside interface

2. Any kind of ACL on the SSH Server

3. Dual NIC, server responding/routing to a different gateway

4. Use Capture command and capture information on the outside and inside for the SSH Traffic.


Also, is it possible to post the configuration from the Firewall?


Regards,

Arul


*Pls rate if it helps*
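
The capture from item 4 of the reply above, written out as an added example (not part of the original post and not the poster's configuration). It assumes the interfaces are named outside and inside; x.x.x.x is the thread's placeholder for the public address, 198.51.100.20 (external client) and 192.168.1.10 (server's real address) are constructed placeholders, and the names CAP_OUT, CAP_IN, capout and capin are hypothetical.

```cisco
! Match the SSH flow in both directions on each side of the NAT.
! Outside sees the public (NATted) address, inside sees the real one.
access-list CAP_OUT extended permit tcp host 198.51.100.20 host x.x.x.x eq ssh
access-list CAP_OUT extended permit tcp host x.x.x.x eq ssh host 198.51.100.20
access-list CAP_IN extended permit tcp host 198.51.100.20 host 192.168.1.10 eq ssh
access-list CAP_IN extended permit tcp host 192.168.1.10 eq ssh host 198.51.100.20

capture capout access-list CAP_OUT interface outside
capture capin access-list CAP_IN interface inside

! Reproduce the failing SSH attempt from the external client, then compare:
show capture capout
show capture capin

! Reading the result:
!  - nothing in capout: the SYN never reaches the ASA (look upstream)
!  - SYN in capout, nothing in capin: the ASA dropped it (ACL or NAT)
!  - SYN in capin, no SYN-ACK back: server-side filter or the reply is
!    leaving through another gateway (items 2 and 3 above)

! Ask the ASA which phase would drop a simulated inbound SYN:
packet-tracer input outside tcp 198.51.100.20 1025 x.x.x.x 22 detailed

! Clean up when finished.
no capture capout
no capture capin
clear configure access-list CAP_OUT
clear configure access-list CAP_IN
```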

wwanjohi123 Sun, 10/26/2008 - 22:55

The server is in our LAN, routing to the same gateway as the rest of the servers. I will do the capture, but meanwhile kindly see attached firewall configs. Thanks.


