https://community.cisco.com/t5/network-security/port-forwarding/m-p/724707#M1005603 <HTML><HEAD></HEAD><BODY><P>Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".</P></BODY></HTML> Mon, 30 Apr 2007 19:06:41 GMT acomiskey 2007-04-30T19:06:41Z https://community.cisco.com/t5/network-security/port-forwarding/m-p/724706#M1005601 <P>I need to allow a vendor to get ssh access to a device on my inside network. Of course I want to limit where the ssh is coming from and going to. Do the lines below look sufficient?</P><P></P><P>access-list acl_out permit tcp host outside.vendor.ip host my.outside.ip eq ssh</P><P></P><P>static (inside,outside) tcp my.outside.ip ssh my.internal.ip ssh netmask 255.255.255.255 0 0</P><P></P> Mon, 11 Mar 2019 10:07:05 GMT https://community.cisco.com/t5/network-security/port-forwarding/m-p/724706#M1005601 dexteroc1 2019-03-11T10:07:05Z https://community.cisco.com/t5/network-security/port-forwarding/m-p/724707#M1005603 <HTML><HEAD></HEAD><BODY><P>Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keywork "interface". Also apply the acl with "access-group acl_out in interface outside".</P></BODY></HTML> Mon, 30 Apr 2007 19:06:41 GMT https://community.cisco.com/t5/network-security/port-forwarding/m-p/724707#M1005603 acomiskey 2007-04-30T19:06:41Z