Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Telnet a Router on the LAN Through An ASA

I am trying to give a 3rd part supplier telnet/ssh access from the outside (internet) to a router which is directly connected  to an interface on the Firewall. They need to fix an issue. Is this possible?

 

interface Vlan4
nameif ROUTER
security-level 50
ip address 172.x.x.1 255.255.255.252


Nat
global (INET) 2 88.x.x.x netmask 255.255.255.248
nat (ROUTER) 2 172..x.x.2 255.255.255.255

Access list on outside Interface
access-list INET_in extended permit tcp any host 172.x.x.2 eq ssh

1 REPLY
VIP Purple

You need a static translation

You need a static translation and a corresponding ACE for that:

static (ROUTER,INET) tcp 88.x.x.x 22 172.x.x.2  22 netmask 255.255.255.255 0 0
access-list INET_in extended permit tcp any host 88.x.x.x eq ssh


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
80
Views
0
Helpful
1
Replies
CreatePlease login to create content