ASA Firewall

Hello experts,

Could you please explain the couple of queries below?

1. ssh 10.136.100.226 255.255.255.255 outside ---- I can see this command in my ASA FW. Is the command there to allow SSH from outside? I tried to SSH into the device with the mentioned IP but failed. Anyway, I have another IP configured for the vty lines. My query is: what exactly does the command do?

2. no-proxy-arp route-lookup --- I have seen that for the dynamic NO NAT at least they have given the proxy-arp command. Why is this command used?

Regards,

Sathish

1 ACCEPTED SOLUTION

VIP Advisor

Re: ASA Firewall

Hi,

Yes, with that command you should be able to SSH to the ASA itself from 10.136.100.226.

Have you generated an RSA key, configured the aaa commands for SSH and obviously defined a username and password?

crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh version 2
username admin password YourPWord privilege 15

If you add the keyword no-proxy-arp to specific NAT commands, the ASA will not respond to ARP requests for the global IP subnet identified in those NAT statements.

 

HTH

Beginner

Re: ASA Firewall

ssh 10.136.100.226 255.255.255.255 outside

The above command says to allow SSH when the source IP of the request is "10.136.100.226 255.255.255.255" and it is coming from the "outside" interface. If your outside interface is connected to the internet then there is no chance that such a request will ever come true.

So possibly it's a misconfiguration or a typing error, and I'm sure that if you remove it there will be no impact on the operation/management of your firewall.
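
The checks from the two answers above, combined into one config audit. This is an added example, not part of the original thread or Cisco tooling: it parses "ssh <ip> <mask> <interface>" lines, flags the ones on an untrusted interface, and verifies the prerequisite lines from the accepted answer. The function name audit_ssh, the sample config and treating "outside" as the untrusted interface are assumptions; the RSA key pair is not checked.

```python
import ipaddress
import re

# Constructed running-config excerpt (sample data, not the poster's device).
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
ssh version 2
username admin password ***** privilege 15
ssh 10.136.100.226 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
"""

# Matches "ssh <ip> <mask> <interface>"; "ssh version 2" and "ssh timeout 5" do not match.
SSH_RULE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

# Prerequisite lines named in the accepted answer.
REQUIRED = ("aaa authentication ssh console LOCAL", "ssh version 2")


def audit_ssh(config, untrusted=("outside",)):
    """Return (rules, findings) for the SSH management rules in an ASA config."""
    lines = [line.strip() for line in config.splitlines()]
    rules, findings = [], []
    for line in lines:
        m = SSH_RULE.match(line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        iface = m.group(3)
        rules.append((net, iface))
        if iface in untrusted and net.prefixlen == 0:
            findings.append(f"{line}: any source may reach SSH on {iface}")
        elif iface in untrusted and net.is_private:
            findings.append(f"{line}: private source, unreachable if {iface} faces the internet")
    if rules:
        # SSH rules without these lines permit the source but logins still fail.
        findings += [f"missing: {req}" for req in REQUIRED if req not in lines]
        if not any(line.startswith("username ") for line in lines):
            findings.append("missing: local username for LOCAL authentication")
    return rules, findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG)[1]:
        print(finding)
```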