Unable to ssh from inside host to ASA in DMZ

Answered Question
Jun 7th, 2014
Hi Everyone,

 

Below is the setup:

PC---inside----ASA1----DMZ----SW1----DMZ----ASA2

IP of PC 10.0.0.5

ASA2 config

interface Ethernet0/0
 nameif vlan4
 security-level 45
 ip address 192.168.1.173 255.255.255.0

Also, on ASA2 I have configured no nat control.

 

ASA1 config

interface Vlan4
 nameif DMZ
 security-level 45
 ip address 192.168.1.171 255.255.255.0

 

 

When I ping from PC to ASA2 IP 192.168.1.173

Logs from ASA1

Jun 07 2014 14:00:37: %ASA-6-302013: Built outbound TCP connection 206381 for DMZ:192.168.1.173/22 (192.168.1.173/22) to inside:10.0.0.5/50313 (10.0.0.5/50313)
Jun 07 2014 14:01:07: %ASA-6-302014: Teardown TCP connection 206381 for DMZ:192.168.1.173/22 to inside:10.0.0.5/50313 duration 0:00:30 bytes 0 SYN Timeout

 

Logs from ASA2

Jun 07 2014 19:26:29: %ASA-3-710003: TCP access denied by ACL from 10.0.0.5/50176 to vlan4:192.168.1.173/22

 

Ping works fine from PC to IP 192.168.1.173.

Regards

Mahesh

 

Correct Answer by Marius Gunnerud about 3 years 2 months ago

Do you have the following command configured on ASA2:

ssh <IP address of PC> 255.255.255.255 Vlan4

If you have that configured, please post the full configuration of ASA2 (sanitised).

--

Please remember to select a correct answer and rate helpful posts

Overall Rating: 5 (1 ratings)
Marius Gunnerud Sat, 06/07/2014 - 13:19
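The two log excerpts in this thread fit together: ASA1 built the connection and tore it down with SYN Timeout, while ASA2 logged 710003, the message an ASA emits when it refuses a connection addressed to itself. The Python below is an added example, not part of the original thread; it pairs the two message types from the posted lines and prints the allow entry in the form given in the answer (the function and variable names are illustrative assumptions).

```python
import re

# Log lines quoted from the post above (ASA1 first, then ASA2).
ASA1_LOG = """\
Jun 07 2014 14:00:37: %ASA-6-302013: Built outbound TCP connection 206381 for DMZ:192.168.1.173/22 (192.168.1.173/22) to inside:10.0.0.5/50313 (10.0.0.5/50313)
Jun 07 2014 14:01:07: %ASA-6-302014: Teardown TCP connection 206381 for DMZ:192.168.1.173/22 to inside:10.0.0.5/50313 duration 0:00:30 bytes 0 SYN Timeout
"""
ASA2_LOG = """\
Jun 07 2014 19:26:29: %ASA-3-710003: TCP access denied by ACL from 10.0.0.5/50176 to vlan4:192.168.1.173/22
"""

# 302014 teardown with reason "SYN Timeout": the transit firewall saw no SYN-ACK.
SYN_TIMEOUT = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for \S+?:(?P<dst>[\d.]+)/(?P<port>\d+) "
    r"to \S+?:(?P<src>[\d.]+)/\d+ .*SYN Timeout")
# 710003: the destination ASA itself refused a to-the-box connection.
BOX_DENY = re.compile(
    r"%ASA-3-710003: TCP access denied by ACL from (?P<src>[\d.]+)/\d+ "
    r"to (?P<ifname>\S+?):(?P<dst>[\d.]+)/(?P<port>\d+)")

# To-the-box services and the ASA command that allow-lists a source for each.
MGMT_CMD = {"22": "ssh", "23": "telnet", "443": "http"}


def flows(pattern, text):
    """Return the regex groups of every line in text that matches pattern."""
    return [m.groupdict() for m in map(pattern.search, text.splitlines()) if m]


def diagnose(transit_log, target_log):
    """Pair transit-side SYN timeouts with to-the-box denials on the target.

    Source ports and clocks differ between the devices, so match on
    (source IP, destination IP, destination port) only.
    """
    timed_out = {(f["src"], f["dst"], f["port"]) for f in flows(SYN_TIMEOUT, transit_log)}
    findings = []
    for d in flows(BOX_DENY, target_log):
        if (d["src"], d["dst"], d["port"]) in timed_out:
            cmd = MGMT_CMD.get(d["port"], "<service>")
            findings.append(f"{cmd} {d['src']} 255.255.255.255 {d['ifname']}")
    return findings


if __name__ == "__main__":
    for entry in diagnose(ASA1_LOG, ASA2_LOG):
        print("target ASA has no management allow entry; candidate:", entry)
```

The interface name in the output is the nameif taken from ASA2's own log line, so it can be checked against the running configuration before the entry is added.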
