Why can I SSH to ASA from inside network, but not from outside?

JonCommins · ‎03-18-2014

I have an ASA 5505 (config) and I can SSH to the device when I'm on the inside network, but not from the internet using the IP of the outside interface.

Why not?

The solution was: the client was confidently telling me the wrong outside IP address. With the correct IP address, everything works.

swapna · ‎03-18-2014

Hi,

You might have enabled ssh on the inside interface. Below is the config that you will find for the already existing SSH connection on your ASA.

ssh < The IP address of the host and/or network authorized to
login to the system> <mask> <interface name---inside>

so in the same way you should config the ssh for the outside interface too allowing SSH. But you should be aware of the fact that you are allowing the users on internet to ssh into your ASA. It is always recommended to not to allow ssh on the outside.

I hope this gave you a clue.

Thanks

JonCommins · ‎03-18-2014

I believe I've already enabled SSH access from the outside.

Specifically, this line in the config: ssh 0.0.0.0 0.0.0.0 outside

Yet it doesn't work. Is there something else?

Kuat Bakenov · ‎08-23-2014

use asdm - and enable outside - its very simple....

useridcisco1 · ‎03-18-2014

Regenerate crypto keys. I assume you have already generated general purpose keys as you've mentioned that you can access from inside.

What does debug say "debug ssh"

Thanks

Musab