Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSH Access SA520W

Hello-

I'm working with a SA520W Security Appliance and having difficulty connecting to a SSH server on the LAN.

I have create an inbound (WAN zone to LAN zone) firewall rule for Service SSH:TCP, Enable Port Forwarding to 22 to the destination LAN IP, but have been unable to connect from any external IP address to the internal SSH server via XShell or PuTTY software. Within the LAN, I'm able to connect successfully.

What am I missing?

Much appreciated.

8 REPLIES
New Member

Re: SSH Access SA520W

Do you have the most current firmware?  Most recent is 1.1.21.  Please advise.

New Member

Re: SSH Access SA520W

Hi Jammcord. Thank you for your prompt response. My current firmware version is 1.1.21. It was upgraded from version 1.0.15.

New Member

Re: SSH Access SA520W

Is SELinux enabled?  Any other firewall program?

New Member

Re: SSH Access SA520W

No other firewall is enabled on the SSH server. Not sure if this helps, but other services, such as HTTPS, connect to the server through the SA520W firewall just fine.

New Member

Re: SSH Access SA520W

Just for clarification, you are able to ssh into the box on the lan?

New Member

Re: SSH Access SA520W

Correct; within the LAN I'm able to SSH using the server's internal IP address (192.168.xxx.xxx) or Host Name. Just unable to SSH into the server from a remote location. Also, before implementing the SA520W, we had a RSV4000, which SSH passed through without issue from any remote location.

New Member

Re: SSH Access SA520W

I assume you are using the built-in service on the device.  Try setting up a custom service and changing your forwarding rule to use your custom service.  If this does not work, call into the SBSC and open a case so we can document the issue.  1.866.606.1866.  You may ask for me, Jason McCord, I will be happy to work with you if I am available.

New Member

Re: SSH Access SA520W

Yes, I'm using the built-in service SSH:TCP, but have also tried SSH and SSH:UDP. However, I will try creating a custom service to see if that solves the issue. Thanks for your help.

706
Views
0
Helpful
8
Replies