07-10-2018 12:11 PM - edited 02-21-2020 07:58 AM
Hi all,
I am facing an issue, a weird one in this case.
I have a 5505 ASA with Basic License and the following scenario:
Vlan1: 192.168.1.0/24 Inside
Vlan2: DHCP from ISP's Outside
Vlan3: 172.16.1.0/29 DMZ (nothing connected here yet)
I have NAT from inside to outside working just fine.
I have two devices that I need to access from outside:
DeviceA: Cisco IP Camera
DeviceB: Raspberry-Pi Linux Box.
I have access to the Camera however, not to the Raspberry-Pi, even though the configuration is the very same for both of them. Here I attach a few screenshots.
I am very confused: access to the camera works just fine, the config for the Raspberry-Pi is the same, and SSH is listening on port 22.
The only thing I can think of is that it conflicts with the SSH service listening on the ASA itself?
Advice?
Thanks,
Cheers
07-10-2018 12:23 PM - edited 07-10-2018 12:33 PM
UPDATE
Normally I would have to define a "destination" device in order for this to work.
If I configure it with the destination IP (aka the private IP of the camera or Pi), then it does not work.
If I configure the destination to be ANY, then it works. Is this normal?
Here is part of the config related to this issue:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ciscoasa# sho run | inc access-list
access-list outside_access_in extended permit tcp any any eq ssh
access-list outside_access_in extended permit object-group TCPUDP any any eq www
threat-detection statistics access-list
ciscoasa# sho run | inc static
static (inside,outside) tcp interface ssh Raspberry-PI ssh netmask 255.255.255.255
static (inside,outside) tcp interface www Camera www netmask 255.255.255.255
ciscoasa#
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Regards,
Ezequiel
07-10-2018 12:23 PM
What version of RPi and what distro are you running? Are you sure the SSH service is running on the Raspberry Pi?
Sometimes the FW is up by default in a Linux environment. Try and see whether iptables (FW) is running: iptables -xnvL will show any FW rules on the Raspberry Pi.
If it is running, flush the rules with iptables -F. You can monitor the logs on the FW to see whether any packets are being dropped at the FW end; if the FW builds the connection, you can run tcpdump on Linux to see whether the traffic is received by Linux.
BB
07-10-2018 12:28 PM
Hi,
I have tried the above-mentioned config, and it works. The issue is not on the Raspberry-Pi; I can SSH into it just fine only when I configure it in such a way. Here is a screenshot of it.
Note that the "destination" is set to "any" where I would normally configure the real IP of the inside device, but if I configure it with the real IP, then it doesn't work. It works right now and I can access both the camera and the Raspberry-Pi from the outside.
Cheers,
Ezequiel