ASA 5510: Allow Pings and ssh 'putty' connection to directly connected 2800 router
I have an ASA 5510 with a DMZ interface that has a Cisco 2800 router directly connected to it. I am having two issues:
1. I want to use WhatsUpGold on the inside LAN to ping the router to monitor up status (at least the e0 int. directly connected to the ASA).
2. I want to connect to the router from the inside LAN using PuTTY on port 22 (I believe I have configured the router properly to handle ssh connections on vty). *Right now I get a PuTTY fatal error: Network error: Connection refused
The issue is, on the ASA we have an ACL bound to the inside interface with a Deny IP any any statement at the end so it is adding a layer of difficulty.
Do I need to add an ACE to the inside ACL allowing access from the inside to the DMZ interface eq ssh? Same with ICMP pings?
Re: ASA 5510: Allow Pings and ssh 'putty' connection to directly
You are initiating connections from the inside towards the DMZ, so you will need to open the ACL if there is an ACL applied on the inside interface. Make sure the entry is above the "deny any any" if there is an explicit "deny any any".
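The ACL change described in the reply, as an added example that is not part of the original thread. The ACL name `INSIDE_IN`, the inside subnet `192.168.1.0/24`, the monitoring host `192.168.1.50` and the router address `172.16.1.2` are placeholders, and `global_policy` / `inspection_default` are assumed to be the ASA's default policy names.

```cisco
! Placeholders (not from the thread):
!   INSIDE_IN      ACL bound to the inside interface
!   192.168.1.0/24 inside LAN
!   192.168.1.50   WhatsUpGold monitoring host
!   172.16.1.2     2800 router interface facing the ASA DMZ

! 1. Find the line number of the explicit deny and check current hit counts.
show access-list INSIDE_IN

configure terminal

! 2. Insert the permits ABOVE the "deny ip any any" by giving a line number.
!    ASA ACLs are first-match, so an ACE added without "line" is appended
!    after the deny and never evaluated.
!    Scope is kept narrow: SSH only to the router, ICMP echo only from
!    the monitoring host.
access-list INSIDE_IN line 1 extended permit tcp 192.168.1.0 255.255.255.0 host 172.16.1.2 eq ssh
access-list INSIDE_IN line 2 extended permit icmp host 192.168.1.50 host 172.16.1.2 echo

! 3. Let the echo-reply back in statefully. Without ICMP inspection the
!    reply arriving on the DMZ interface is dropped, because the DMZ
!    normally has a lower security level than inside.
policy-map global_policy
 class inspection_default
  inspect icmp
end

! 4. Verify the path through the firewall without generating real traffic.
!    The output lists each phase (ACL, NAT, routing) and which one drops.
packet-tracer input inside tcp 192.168.1.50 1025 172.16.1.2 22
packet-tracer input inside icmp 192.168.1.50 8 0 172.16.1.2

! 5. Confirm the new ACEs sit above the deny and that hit counts increase
!    when PuTTY and WhatsUpGold are tried again.
show access-list INSIDE_IN
```

If `packet-tracer` reports the flow as allowed and PuTTY still shows "Connection refused", check the SSH and vty configuration on the router itself.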