Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Problem in access a server with ssh in ASA DMZ interface

Need some help on ASA5520. It's the first time  configuring it and all servers are reachable and work but there's one specific Server which I need SSH access I made the custom configuration but no joy.


Following the information from "Sh run" about SSH config

object-group service SSH tcp
description ACESSO_SSH
port-object eq ssh

ssh 10.6.84.45 255.255.255.255 inside
ssh 10.6.84.70 255.255.255.255 inside
ssh 10.6.84.44 255.255.255.255 inside
ssh 10.6.84.49 255.255.255.255 inside
ssh VLAN84_DADM-3040 255.255.255.0 inside
ssh 10.6.84.18 255.255.255.255 inside

ssh timeout 60
ssh version 1

Thaaanks !

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Problem in access a server with ssh in ASA DMZ interface

Amanda,

If you need to establish an SSH session from the inside interface to the DMZ, you need NAT (if having nat-control enabled).

i.e

nat (inside) 1 0  0

global (DMZ) 1 interface

With the above configuration you should be able to SSH to the DMZ server from the inside LAN (assuming the name of the interfaces are inside and DMZ respectively).

Federico.

5 REPLIES

Re: Problem in access a server with ssh in ASA DMZ interface

Amanda

The configuration that you posted is the list of IPs allowed to establish an SSH connection to the ASA.

You need to be able to SSH to a server or to the ASA itself?

What's the IP of such server?

Federico.

New Member

Re: Problem in access a server with ssh in ASA DMZ interface

I need to stablish the SSH connection from my LAN to the server. Before we had a PIX we didn't have any problem , but after the migration i'm unable to do so.

The ip of my server is 172.16.0.3 and it is on the DMZ interface.

Amanda.

Re: Problem in access a server with ssh in ASA DMZ interface

Amanda,

If you need to establish an SSH session from the inside interface to the DMZ, you need NAT (if having nat-control enabled).

i.e

nat (inside) 1 0  0

global (DMZ) 1 interface

With the above configuration you should be able to SSH to the DMZ server from the inside LAN (assuming the name of the interfaces are inside and DMZ respectively).

Federico.

New Member

Re: Problem in access a server with ssh in ASA DMZ interface

All ok !

Thanks Mate !

Re: Problem in access a server with ssh in ASA DMZ interface

Good news ;-)

Thanks for the rating!

Federico.

448
Views
5
Helpful
5
Replies
CreatePlease to create content