Cisco Support Community

New Member

SSH error configuration

Hello,

I have an ASA 5520 and I need to access an internal server via SSH. This goes from e0/0 to e0/2; it is a very simple config, but it is not working.

Can anyone help?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

You can try the following instead:

access-list CAPOUT permit tcp any host 200.80.209.69 eq 22

access-list CAPIN permit tcp any host 10.216.60.25 eq 22

capture cap-in interface inside access-list CAPIN

capture cap-out interface outside access-list CAPOUT

show capture cap-in

show capture cap-out

--

Please remember to select a correct answer and rate helpful posts

4 REPLIES

Hello,

As you said, it is a really straightforward configuration and you already had it right :) which is good.

Now, to determine what is going on, please create captures:

cap capout interface outside match tcp any host 200.80.209.69 eq 22

cap capin interface inside match tcp any host 10.216.60.25 eq 22

Then generate one connection and provide us:

show cap capin

show cap capout

Regards

Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://inetworks.cr/our-rates/

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Hello sir,

I don't have the option "match":

capture cap interface outside ?

  access-list      Capture packets that match access-list
  buffer           Configure size of capture buffer, default is 512 KB
  circular-buffer  Overwrite buffer from beginning when full, default is
                   non-circular
  ethernet-type    Capture Ethernet packets of a particular type, default is IP
  packet-length    Configure maximum length to save from each packet, default
                   is 68 bytes
  trace            Trace the captured packets

 

Thanks.

VIP Green

Chances are that there is a configuration error on the server you are trying to SSH to. I suggest checking that the server is set up to listen on port 22 and that SSH is not being blocked by any installed software firewall such as Windows Firewall or some other such as Symantec, etc.

--

Please remember to select a correct answer and rate helpful posts
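
The two captures suggested in this thread are read side by side: the outside one shows whether the SYN reaches the ASA, the inside one whether it is forwarded and answered. The script below is an added example, not code from any poster; it classifies the result from saved `show capture` text. It assumes a plain packet-line format modeled on ASA output (sample lines are constructed, the client address is made up) and assumes the captures include return traffic, which an ACL-based capture only does if the access-list also has the reverse entry (server port 22 to any).

```python
import re

# One packet line of "show capture" text (assumed format), e.g.
#   1: 14:02:11.101234 198.51.100.7.50312 > 10.216.60.25.22: S 1000:1000(0) win 8192
PKT = re.compile(r"^\s*\d+:\s+\S+\s+(\S+)\.(\d+) > (\S+)\.(\d+):\s+(\S+)(.*)$")

def handshake_events(capture_text, server_ip, port=22):
    """Return the TCP handshake events seen for server_ip:port."""
    events = set()
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # summary lines such as "2 packets captured"
        src, sport, dst, dport, flags, rest = m.groups()
        to_server = dst == server_ip and int(dport) == port
        from_server = src == server_ip and int(sport) == port
        if to_server and "S" in flags and " ack " not in rest:
            events.add("syn")       # client SYN
        elif from_server and "S" in flags and " ack " in rest:
            events.add("synack")    # server answered
        elif from_server and "R" in flags:
            events.add("rst")       # server side refused
    return events

def diagnose(outside_text, inside_text, public_ip, real_ip, port=22):
    """Compare outside (pre-NAT address) and inside (real address) captures."""
    out = handshake_events(outside_text, public_ip, port)
    ins = handshake_events(inside_text, real_ip, port)
    if "syn" not in out:
        return "no SYN on outside: traffic is not reaching the ASA"
    if "syn" not in ins:
        return "SYN on outside only: check NAT and ACLs on the ASA"
    if "rst" in ins:
        return "connection reset from server side: port closed or rejected"
    if "synack" not in ins:
        return "SYN reaches inside, no reply: check sshd, host firewall, routing"
    return "handshake passes the ASA: look past TCP (SSH service, auth)"

# Constructed sample captures (198.51.100.7 is a made-up client).
OUTSIDE = """2 packets captured
   1: 14:02:11.101234 198.51.100.7.50312 > 200.80.209.69.22: S 1000:1000(0) win 8192"""
INSIDE = """2 packets captured
   1: 14:02:11.101301 198.51.100.7.50312 > 10.216.60.25.22: S 1000:1000(0) win 8192"""

if __name__ == "__main__":
    print(diagnose(OUTSIDE, INSIDE, "200.80.209.69", "10.216.60.25"))
```
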
