How to configure SSH on the outside interface of an ASA? I have defined an access list for the outside interface and applied it, but it didn't work for some reason.
Here is the access list:
ip address 10.254.17.9 255.255.255.248
no ip address
description EIGRP 2008
ip address 10.40.50.65 255.255.255.252
ip address 192.168.251.1 255.255.255.0
boot system disk0:/asa821-k8.bin
ftp mode passive
access-list 110 extended permit ip any any
access-list nat extended permit ip any any
access-list allow_ping extended permit icmp any any echo-reply
access-list allow_ping extended permit icmp any any source-quench
access-list allow_ping extended permit icmp any any unreachable
access-list allow_ping extended permit icmp any any time-exceeded
access-list allow_ping extended permit udp any any eq isakmp
access-list allow_ping extended permit esp any any
access-list allow_ping extended permit ah any any
access-list allow_ping extended permit gre any any
access-list allow_ping extended permit tcp any any eq ssh
access-list nonat extended permit ip any any
access-list icmp_inside extended permit icmp any any
access-list icmp_inside extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu eigrp 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
access-group allow_ping in interface outside
Can't say I have seen this before but SSH is easy to do on the ASA.
I recommend taking the access list off of the interface first to see if that could be it.
You only posted a partial section of the config, but make sure you have the SSH command with the address of the subnet you are connecting from. Your config is no longer visible as I type this, but try "SSH 0.0.0.0 0.0.0.0 outside". This allows all subnets to access the outside interface. This command works like an access list to limit connectivity to trusted subnets, i.e. "SSH 10.0.0.0 255.0.0.0 outside" only allows hosts on the 10.x.x.x network to connect via SSH.
Turn on "debug ssh" to see what the errors are too.
And, you can always delete your keys (crypto key zeroize rsa) and rebuild them back (crypto key generate rsa gen mod 1024). This will make your ssh client, I'm using PuTTY, think this is a new device and prompt for the OK to connect.
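
As an added example (not part of the original posts, and not Cisco code): a small Python check that reads a saved configuration and reports, for one interface, whether any "ssh <address> <mask> <interface>" line exists, whether a given client address falls inside it, and whether a 0.0.0.0 0.0.0.0 rule leaves SSH open to every source. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: two lines from the question plus two illustrative
# "ssh" rules in the form the answer describes (not the poster's real config).
SAMPLE_CONFIG = """\
access-list allow_ping extended permit tcp any any eq ssh
access-group allow_ping in interface outside
ssh 10.0.0.0 255.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 management
"""

# Matches "ssh <address> <mask> <interface>" only; lines such as
# "ssh timeout 5" or access-list entries do not match.
SSH_RULE = re.compile(
    r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$", re.I)


def ssh_rules(config):
    """Hypothetical helper: map interface name -> list of permitted networks."""
    rules = {}
    for line in config.splitlines():
        m = SSH_RULE.match(line.strip())
        if not m:
            continue
        addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # malformed address or mask: ignore the line
        rules.setdefault(ifname, []).append(net)
    return rules


def audit(config, ifname, client_ip):
    """Hypothetical helper: summarise SSH reachability of ifname for client_ip."""
    nets = ssh_rules(config).get(ifname, [])
    client = ipaddress.ip_address(client_ip)
    return {
        "has_rule": bool(nets),                              # any ssh line at all?
        "client_allowed": any(client in n for n in nets),    # client inside a rule?
        "open_to_all": any(n.prefixlen == 0 for n in nets),  # 0.0.0.0 0.0.0.0 rule
    }


if __name__ == "__main__":
    for iface, ip in (("outside", "10.1.2.3"), ("outside", "203.0.113.5"),
                      ("management", "203.0.113.5")):
        print(iface, ip, audit(SAMPLE_CONFIG, iface, ip))
```

A result with "has_rule" false for the interface you are connecting to means the configuration has no "ssh" line for it at all, which is the first thing the answer above asks you to check.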