10-24-2008 06:33 AM - edited 03-11-2019 07:02 AM
I have NATted an internal server to a public address and allowed all IP from a source external public IP address to allow it to SSH to the NATted internal server. I am using an ASA firewall. I have configured all the rules on both the outside and inside interface. I am able to telnet to port 80 but I can't SSH to it from the internet. Locally on my LAN both protocols work to the server. Kindly assist.
10-24-2008 06:41 AM
Hi,
Have you permitted TCP port 22 in your access lists? Example:
access-list INBOUND extended permit tcp any host x.x.x.x eq ssh
If you have already permitted the TCP Port 22 in the ACL, do you see any logs on the ASA when SSH does not work?
Regards,
Arul
*Pls rate if it helps*
10-24-2008 07:47 AM
I have applied as above, but cannot get any activity/events on the real-time log.
When I try to SSH from external it is still timing out.
Is there any special config I need to do to allow SSH traffic?
I have permitted all IP and I can get ICMP echo reply, even www.
However, SSH does not appear on the list of the inspection protocols... help!
10-24-2008 07:56 AM
Hi,
If you have already configured NAT for the server and permitted TCP port 22, I would check:
1. ACL on inside interface
2. Any kind of ACL on the SSH Server
3. DualNIC, server responding/routing to a different gateway
4. Use Capture command and capture information on the outside and inside for the SSH Traffic.
Also, is it possible to post the configuration from the firewall?
Regards,
Arul
*Pls rate if it helps*
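The capture step suggested in the reply above, written out as an added example that is not part of the original posts. It assumes the interfaces are named `outside` and `inside` as in the question; `x.x.x.x` is the server's public (NATted) address, and `y.y.y.y` (real inside address), `s.s.s.s` (external client), the ACL names and the capture names are placeholders chosen for illustration.

```cisco
! Match SSH in both directions on each side of the NAT.
! The outside capture sees the public address, the inside capture the real one.
access-list CAP_OUT extended permit tcp any host x.x.x.x eq ssh
access-list CAP_OUT extended permit tcp host x.x.x.x eq ssh any
access-list CAP_IN extended permit tcp any host y.y.y.y eq ssh
access-list CAP_IN extended permit tcp host y.y.y.y eq ssh any

capture CAPOUT access-list CAP_OUT interface outside
capture CAPIN access-list CAP_IN interface inside

! Attempt the SSH connection from the external host, then compare:
show capture CAPOUT
show capture CAPIN

! Reading the result:
!  - No SYN in CAPOUT: the traffic never reaches the ASA
!    (filtered or misrouted upstream of the firewall).
!  - SYN in CAPOUT but not in CAPIN: the ASA is dropping or not
!    translating it (outside ACL or NAT); check the syslog for the deny.
!  - SYN in CAPIN but no SYN-ACK back: the server is not answering
!    through the ASA (host ACL on the SSH server, or a dual-NIC server
!    replying via a different gateway).

! Simulate the same flow through the ASA's ACL and NAT checks
! (1025 is an arbitrary source port):
packet-tracer input outside tcp s.s.s.s 1025 x.x.x.x 22 detailed

! Remove the captures and their ACLs when done.
no capture CAPOUT
no capture CAPIN
clear configure access-list CAP_OUT
clear configure access-list CAP_IN
```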
10-26-2008 10:55 PM