Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
972
Views
5
Helpful
5
Replies

Problem in access a server with ssh in ASA DMZ interface

Go to solution
anunes1987
Level 1
Level 1

ā€Ž05-07-2010 10:39 AM - edited ā€Ž03-11-2019 10:42 AM

Need some help on ASA5520. It's the first time  configuring it and all servers are reachable and work but there's one specific Server which I need SSH access I made the custom configuration but no joy.


Following the information from "Sh run" about SSH config

object-group service SSH tcp
description ACESSO_SSH
port-object eq ssh

ssh 10.6.84.45 255.255.255.255 inside
ssh 10.6.84.70 255.255.255.255 inside
ssh 10.6.84.44 255.255.255.255 inside
ssh 10.6.84.49 255.255.255.255 inside
ssh VLAN84_DADM-3040 255.255.255.0 inside
ssh 10.6.84.18 255.255.255.255 inside

ssh timeout 60
ssh version 1

Thaaanks !

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to anunes1987

ā€Ž05-07-2010 11:12 AM

Amanda,

If you need to establish an SSH session from the inside interface to the DMZ, you need NAT (if having nat-control enabled).

i.e

nat (inside) 1 0  0

global (DMZ) 1 interface

With the above configuration you should be able to SSH to the DMZ server from the inside LAN (assuming the name of the interfaces are inside and DMZ respectively).

Federico.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

ā€Ž05-07-2010 10:42 AM

Amanda

The configuration that you posted is the list of IPs allowed to establish an SSH connection to the ASA.

You need to be able to SSH to a server or to the ASA itself?

What's the IP of such server?

Federico.

Go to solution
anunes1987
Level 1
Level 1
In response to Federico Coto Fajardo

ā€Ž05-07-2010 11:04 AM

I need to stablish the SSH connection from my LAN to the server. Before we had a PIX we didn't have any problem , but after the migration i'm unable to do so.

The ip of my server is 172.16.0.3 and it is on the DMZ interface.

Amanda.

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to anunes1987

ā€Ž05-07-2010 11:12 AM

Amanda,

If you need to establish an SSH session from the inside interface to the DMZ, you need NAT (if having nat-control enabled).

i.e

nat (inside) 1 0  0

global (DMZ) 1 interface

With the above configuration you should be able to SSH to the DMZ server from the inside LAN (assuming the name of the interfaces are inside and DMZ respectively).

Federico.

0 Helpful

Go to solution
anunes1987
Level 1
Level 1
In response to Federico Coto Fajardo

ā€Ž05-07-2010 11:23 AM

All ok !

Thanks Mate !

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to anunes1987

ā€Ž05-07-2010 11:26 AM

Good news ;-)

Thanks for the rating!

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card