09-28-2012 06:03 AM - edited 03-11-2019 05:01 PM
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
- External network range that needs SSH access: 8.8.8.0/24
- Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)
- Inside Network: 192.168.100.0/24
- Inside host to redirect external SSH to: 192.168.100.98
Hi All,
I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought.
Can anyone help with this? What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?
Many thanks,
Tarran
09-28-2012 07:12 AM
Tarran
What do you mean by this -
Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)
Does the outside interface have a public IP, i.e. 7.7.7.7, or a private IP, 10.1.10.2?
If it is 10.1.10.2, where is this natted to 7.7.7.7, i.e. on what device?
Jon
09-28-2012 07:18 AM
It has a private IP 10.1.10.2, but someone from the outside world would SSH to 7.7.7.7 as it is NAT'd from the ISP modem.
09-28-2012 07:31 AM
This may or may not work depending on how your modem handles the natting. On your firewall try this -
static (inside,outside) tcp interface 22 192.168.100.98 22
Then add this to your ACL on the outside interface of your ASA -
access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22
If you don't have an ACL applied then add this extra step -
access-group outside_in in interface outside
Jon
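An added example, not part of the thread and not Cisco tooling: a small Python audit that reads a pre-8.3 ASA config and reports which source networks can reach each static PAT forward, flagging any forward open to `any`. The function names are hypothetical, the sample config is constructed from the commands above plus one over-broad rule added for contrast, and it only handles numeric `eq` ports as written in the answer.

```python
import ipaddress
import re

# Constructed sample: the three commands from the answer, plus one over-broad
# rule (source "any") added here so the check has something to flag.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 22 192.168.100.98 22
access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22
access-list outside_in permit tcp any host 10.1.10.2 eq 22
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) tcp interface (\d+) (\S+) (\d+)")
ACL_RE = re.compile(r"access-list (\S+) permit tcp (any|host \S+|\S+ \S+) host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def source_network(spec):
    """Convert an ASA source spec ('any', 'host A', 'A MASK') to CIDR text."""
    if spec == "any":
        return "0.0.0.0/0"
    if spec.startswith("host "):
        return spec.split()[1] + "/32"
    return str(ipaddress.ip_network("/".join(spec.split())))

def audit_port_forwards(config, interface_ip):
    """Map each static PAT entry to the source networks allowed to reach it."""
    lines = [line.strip() for line in config.splitlines()]
    groups = [m for m in map(GROUP_RE.fullmatch, lines) if m]
    bound = {m.group(2): m.group(1) for m in groups}  # interface -> inbound ACL
    acls = [m for m in map(ACL_RE.fullmatch, lines) if m]
    report = {}
    for s in filter(None, map(STATIC_RE.fullmatch, lines)):
        _real_if, mapped_if, mapped_port, real_host, real_port = s.groups()
        # Pre-8.3 ASA ACLs match the mapped (interface) address and port,
        # which is why the rule on the page names 10.1.10.2, not 192.168.100.98.
        report[(int(mapped_port), real_host, int(real_port))] = [
            source_network(a.group(2)) for a in acls
            if a.group(1) == bound.get(mapped_if)
            and a.group(3) == interface_ip and a.group(4) == mapped_port
        ]
    return report

def unrestricted(report):
    """Forwards reachable from any source: the case the /24 rule avoids."""
    return [fwd for fwd, sources in report.items() if "0.0.0.0/0" in sources]

if __name__ == "__main__":
    report = audit_port_forwards(SAMPLE_CONFIG, "10.1.10.2")
    for forward, sources in report.items():
        print(forward, sources)
    print("unrestricted:", unrestricted(report))
```

A forward that maps to an empty list has a static entry but no matching permit on the ACL bound to the mapped interface, for example when the `access-group` line is missing.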
09-28-2012 07:40 AM
BAM. Thank you Jon - worked a treat.