
Telnet a Router on the LAN Through An ASA

dasgill
Level 1

I am trying to give a 3rd party supplier telnet/ssh access from the outside (internet) to a router which is directly connected to an interface on the Firewall. They need to fix an issue. Is this possible?

 

interface Vlan4
nameif ROUTER
security-level 50
ip address 172.x.x.1 255.255.255.252


Nat
global (INET) 2 88.x.x.x netmask 255.255.255.248
nat (ROUTER) 2 172.x.x.2 255.255.255.255

Access list on outside Interface
access-list INET_in extended permit tcp any host 172.x.x.2 eq ssh

1 Reply

You need a static translation and a corresponding ACE for that:

static (ROUTER,INET) tcp 88.x.x.x 22 172.x.x.2 22 netmask 255.255.255.255 0 0
access-list INET_in extended permit tcp any host 88.x.x.x eq ssh
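
Added example, not part of the original thread: a small Python check, assuming the pre-8.3 ASA syntax used in the posts (where the interface ACL matches the translated address), that flags an inbound ACE whose destination has no matching static PAT entry and an ACE that opens SSH or Telnet to any source. The function name `audit`, the finding labels and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the question's ACE, then the reply's static and ACE
# (addresses are the thread's own redacted placeholders).
SAMPLE_CONFIG = """\
access-list INET_in extended permit tcp any host 172.x.x.2 eq ssh
static (ROUTER,INET) tcp 88.x.x.x 22 172.x.x.2 22 netmask 255.255.255.255 0 0
access-list INET_in extended permit tcp any host 88.x.x.x eq ssh
"""

PORTS = {"ssh": "22", "telnet": "23"}  # ASA port keywords -> numbers
MGMT_PORTS = {"22", "23"}

STATIC_RE = re.compile(
    r"^static \(\S+,\S+\) tcp "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) \S+ \S+")
ACE_RE = re.compile(
    r"^access-list \S+ extended permit tcp (?P<src>any|host \S+|\S+ \S+) "
    r"host (?P<dst>\S+) eq (?P<port>\S+)")


def audit(config):
    """Return (line_no, finding) tuples for inbound TCP ACEs (pre-8.3 syntax)."""
    lines = config.splitlines()
    # Collect every (translated address, port) published by a static PAT entry.
    published = set()
    for line in lines:
        m = STATIC_RE.match(line.strip())
        if m:
            published.add((m["mapped_ip"], PORTS.get(m["mapped_port"], m["mapped_port"])))

    findings = []
    for no, line in enumerate(lines, 1):
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        port = PORTS.get(m["port"], m["port"])
        # The ACE must name the translated address of a static entry.
        if (m["dst"], port) not in published:
            findings.append((no, "no-static-for-destination"))
        # Management access should be limited to the supplier's source address.
        if m["src"] == "any" and port in MGMT_PORTS:
            findings.append((no, "management-port-open-to-any"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```

An ACE of the form `permit tcp host <supplier-ip> host 88.x.x.x eq ssh`, with the supplier's real source address in place of the placeholder, passes both checks.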
