Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port Forwarding

I need to allow a vendor to get ssh access to a device on my inside network. Of course I want to limit where the ssh is coming from and going to. Do the lines below look sufficient?

access-list acl_out permit tcp host outside.vendor.ip host my.outside.ip eq ssh

static (inside,outside) tcp my.outside.ip ssh my.internal.ip ssh netmask 255.255.255.255 0 0

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Port Forwarding

Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".

1 REPLY
Green

Re: Port Forwarding

Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".

108
Views
0
Helpful
1
Replies
CreatePlease login to create content