Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Unable to ssh from inside host to ASA in DMZ

 

Hi Everyone,

 

Below is setup

PC---inside----ASA1----DMZ----SW1----DMZ----ASA2

IP of PC 10.0.0.5

ASA2 config

interface Ethernet0/0
 nameif vlan4
 security-level 45
 ip address 192.168.1.173 255.255.255.0

Also on ASA2 i have config no nat control.

 

ASA1 config

interface Vlan4
 nameif DMZ
 security-level 45
 ip address 192.168.1.171 255.255.255.0

 

 

When i ping from PC to ASA2 IP 192.168.1.173

logs from ASA1

Jun 07 2014 14:00:37: %ASA-6-302013: Built outbound TCP connection 206381 for DMZ:192.168.1.173/22 (192.168.1.173/22) to inside:10.0.0.5/50313 (10.0.0.5/50313)
Jun 07 2014 14:01:07: %ASA-6-302014: Teardown TCP connection 206381 for DMZ:192.168.1.173/22 to inside:10.0.0.5/50313 duration 0:00:30 bytes 0 SYN Timeout

 

Logs from ASA2

Jun 07 2014 19:26:29: %ASA-3-710003: TCP access denied by ACL from 10.0.0.5/50176 to vlan4:192.168.1.173/22

 

Ping works fine from PC to IP 192.168.1.173.

Regards

MAhesh

 

1 ACCEPTED SOLUTION

Accepted Solutions

do you have configured on

do you have configured on ASA2 the following command:

ssh <IP address of PC> 255.255.255.255 Vlan4

If you have that configured, please post the full configuration of ASA2 (sanitised).

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
2 REPLIES

do you have configured on

do you have configured on ASA2 the following command:

ssh <IP address of PC> 255.255.255.255 Vlan4

If you have that configured, please post the full configuration of ASA2 (sanitised).

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
Community Member

 That did the trick

 

That did the trick.

Regards

MAhesh

26
Views
0
Helpful
2
Replies
CreatePlease to create content