SSH to inside resource via ASA

Unanswered Question
Apr 28th, 2009

Hi all,

I am missing something for sure..;-). Trying to SSH to inside router via ASA (internet) with no luck. I am able to SSH to the same router from the internal LAN.


Internet to ASA --> ASA inside to core switch (running OSPF and mgmt VLAN 25) --> switch port to router (OSPF as well and Fas0/1 on mgmt subnet).


ASA has static route to internal network.


ASA Config:


!
interface Vlan10
 security-level 0
 ip address 81.25.23.90 255.255.255.0
!
interface Vlan25
 security-level 100
 ip address 10.120.25.4 255.255.255.0
!
access-list OUTIN extended permit icmp any any echo-reply
access-list OUTIN extended permit tcp 6.2.16.0 255.255.255.192 host 81.25.23.91 eq ssh
access-list OUTIN extended permit tcp 6.19.21.232 255.255.255.248 host 81.25.23.91 eq ssh
!
global (OUTSIDE) 1 interface
nat (INSIDE) 1 10.120.0.0 255.255.0.0
static (INSIDE,OUTSIDE) 81.25.23.91 10.120.25.2 netmask 255.255.255.255
access-group OUTIN in interface OUTSIDE
!
route OUTSIDE 0.0.0.0 0.0.0.0 81.25.23.1 1
route INSIDE 10.120.0.0 255.255.0.0 10.120.25.1 1
!


Any suggestions..?


TIA

MS

mvsheik123 Wed, 04/29/2009 - 05:22

Yes.. but no luck. The SSH error: Network error: Connection timeout


Log:


2009-04-29 09:19:57 Looking up host "81.25.23.91"
2009-04-29 09:19:57 Connecting to 81.25.23.91 port 22
2009-04-29 09:20:18 Failed to connect to 81.25.23.91: Network error: Connection timed out
2009-04-29 09:20:18 Network error: Connection timed out
2009-04-29 09:20:46
----- Session restarted -----


I did a 'debug ssh' at level 30 on the ASA, still not seeing any request coming in. ISP confirmed all the assigned (5) IPs to my location are routed properly. ISP is VZ DSL with static service, if that matters.


TIA

MS

