Community Member

How to allow SSH to a server from outside across an ASA firewall.

I have NATted an internal server to a public address and allowed all IP from a source external public IP address to allow it to SSH to the NATted internal server. I'm using an ASA firewall. I have configured all the rules on both the outside and inside interfaces. I am able to telnet to port 80, but I can't SSH to it from the internet. Locally on my LAN both protocols work to the server. Kindly assist.

4 REPLIES
Cisco Employee

Re: How to allow SSH to a server from outside across an ASA fire

Hi,

Have you permitted TCP port 22 in your access lists? Example:

access-list INBOUND extended permit tcp any host x.x.x.x eq ssh

If you have already permitted the TCP Port 22 in the ACL, do you see any logs on the ASA when SSH does not work?

Regards,

Arul

*Pls rate if it helps*

Community Member

Re: How to allow SSH to a server from outside across an ASA fire

I have applied as above, but cannot get any activity/events on the real-time log.

When I try to SSH from external it is still timing out.

Are there any special configs I need to do to allow SSH traffic?

I have permitted all IP and I can get ICMP echo reply, even www.

However, SSH does not appear in the list of inspection protocols... help!

Cisco Employee

Re: How to allow SSH to a server from outside across an ASA fire

Hi,

If you have already configured NAT for the server and permitted TCP port 22, I would check:

1. ACL on inside interface

2. Any kind of ACL on the SSH Server

3. DualNIC, server responding/routing to a different gateway

4. Use Capture command and capture information on the outside and inside for the SSH Traffic.

Also, is it possible to post the configuration from the firewall?

Regards,

Arul

*Pls rate if it helps*
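
Added example, not part of the original replies: one way to run the capture from step 4 on both interfaces and read the result. It assumes the interfaces are named `outside` and `inside` and an ASA release that supports the `match` keyword on `capture`; z.z.z.z (external client) and y.y.y.y (server's real internal address) are placeholders, and x.x.x.x is the public address as in the ACL example above.

```cisco
! Placeholders: z.z.z.z = external SSH client, x.x.x.x = public (NATted) address,
! y.y.y.y = real internal address of the server. Capture names are arbitrary.

! Outside capture: packets still carry the public (mapped) destination here.
capture CAPOUT interface outside match tcp host z.z.z.z host x.x.x.x eq 22

! Inside capture: after translation the destination is the real address.
capture CAPIN interface inside match tcp host z.z.z.z host y.y.y.y eq 22

! Attempt the SSH connection from the external client, then inspect both.
show capture CAPOUT
show capture CAPIN

! Reading the result:
!  - Nothing in CAPOUT: the SYN never reaches the ASA (upstream filtering or routing).
!  - SYN in CAPOUT but nothing in CAPIN: the ASA is dropping or not translating
!    the flow (ACL or NAT rule).
!  - SYN in CAPIN but no SYN-ACK back: the server, a host-level ACL on it, or its
!    return route is the problem (checks 2 and 3 above).
!  - SYN-ACK in CAPIN but not in CAPOUT: the reply is dropped on the way out
!    (check 1 above, ACL on the inside interface).

! Remove the captures when finished.
no capture CAPOUT
no capture CAPIN
```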

Community Member

Re: How to allow SSH to a server from outside across an ASA fire

The server is in our LAN, routing to the same gateway as the rest of the servers. I will do the capture, but meanwhile kindly see the attached firewall configs. Thanks.
