ssh from internet

milan_ver — Tue, 12 Mar 2019 00:35:15 GMT

Hi,

I want to ssh to my asa from internet.

for it iahve done some configuration, but my asa is not pinging from internet.

Below is my ASA's show run

Please help me..

Regards,

Milan Verma

-------------------------------------------------------------

RBN-ASA-01# sh run

: Saved

ASA Version 8.2(5)

hostname RBN-ASA-01

domain-name rcad.net

enable password WRY7HuZ63V3/F0YH encrypted

passwd WRY7HuZ63V3/F0YH encrypted

names

interface Ethernet0/0

description Internet Interface

switchport access vlan 61

interface Ethernet0/1

description office Internet

switchport access vlan 50

interface Ethernet0/2

description LAN Failover Interface

switchport access vlan 999

interface Ethernet0/3

interface Ethernet0/4

interface Ethernet0/5

interface Ethernet0/6

interface Ethernet0/7

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

interface Vlan50

nameif office

security-level 100

ip address 10.54.5.1 255.255.255.192

interface Vlan61

nameif Internet

security-level 0

ip address 182.73.131.90 255.255.255.248

interface Vlan999

description LAN Failover Interface

ftp mode passive

dns server-group DefaultDNS

domain-name rcad.net

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list office_access_in extended permit ip 10.54.5.0 255.255.255.192 any log

access-list office_access_in extended permit icmp 10.54.5.0 255.255.255.192 any log

access-list Internet_access_in extended permit ip 83.206.102.64 255.255.255.224 any log

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu office 1500

mtu Internet 1500

no failover

failover lan unit primary

failover lan interface FAILOVER Vlan999

failover key *****

failover interface ip FAILOVER 172.16.255.1 255.255.255.0 standby 172.16.255.2

icmp unreachable rate-limit 1 burst-size 1

icmp permit any office

icmp permit any Internet

no asdm history enable

arp timeout 14400

global (outside) 1 interface

global (Internet) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

nat (office) 1 0.0.0.0 0.0.0.0

access-group office_access_in in interface office

access-group Internet_access_in in interface Internet

route outside 0.0.0.0 0.0.0.0 182.73.131.90 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

http server enable 8443

http 192.168.1.0 255.255.255.0 inside

http 0.0.0.0 0.0.0.0 Internet

http authentication-certificate outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh scopy enable

ssh 83.206.102.64 255.255.255.224 outside

ssh 0.0.0.0 0.0.0.0 Internet

ssh timeout 60

ssh version 2

console timeout 0

management-access office

dhcpd auto_config outside

dhcpd address 192.168.1.5-192.168.1.254 inside

dhcpd enable inside

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username royal password NoaKp7DFzldhgZBl encrypted

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:a81bd8fb22c791c3ad0018dc545df522

: end

RBN-ASA-01#

ssh from internet

Eugene Korneychuk — Mon, 10 Dec 2012 08:59:43 GMT

Hello Milan,

You can do the following to access your ASA from internet:

you need a public/private keypair:

asa(config)# crypto key generate rsa general-keys modulus 2048

a username:

asa(config)# username testuser password testpass

and the system should know where your useraccounts are:

asa(config)# aaa authentication ssh console LOCAL

permit ssh on the outside for everyone

asa(config)# ssh 0 0 outside

Edit: And only allowing SSHv2:

asa(config)# ssh version 2

Please rate helpful posts

Best Regards,

Eugene

ssh from internet

milan_ver — Mon, 10 Dec 2012 09:04:41 GMT

but I am not able to ping my ASA from internet.

IP on 0/0 182.73.131.90

ISP router IP - 182.73.131.89

ssh from internet

Jouni Forss — Mon, 10 Dec 2012 09:06:45 GMT

Hi,

Can you try adding the following

policy-map global_policy

class inspection_default

inspect icmp

And then try again

- Jouni

ssh from internet

Eugene Korneychuk — Mon, 10 Dec 2012 09:08:10 GMT

Hello,

It is not the same issue, of course if it is not a connectivity problem,

Try this:

icmp permit any outside

Also which interface are you using, Internet or outside?

you can check it with sh route command

Please rate helpful posts

Best Regards,

Eugene

topic ssh from internet in Network Security

ssh from internet

ssh from internet

ssh from internet

ssh from internet

ssh from internet