ASA Firewall

Hello experts,

Could you please explain the couple of queries below?

1. ssh 10.136.100.226 255.255.255.255 outside ---- I could see this command in my ASA FW. Is the command meant to take SSH from outside? I tried to SSH into the device with the mentioned IP but failed. Anyway, I have another IP configured for the vty lines. My query is: what exactly does the command do?

2. no-proxy-arp route-lookup --- I have seen that for the dynamic NO NAT at least they have given the proxy-arp command. Why is this command used?

Regards,

Sathish

Accepted Solutions

Hi,

Yes, with that command you should be able to SSH to the ASA itself from 10.136.100.226.

Have you generated an RSA key, configured the aaa commands for SSH and obviously defined a username and password?

crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh version 2
username admin password YourPWord privilege 15

If you add the keyword no-proxy-arp to specific NAT commands, the ASA will not respond to ARP requests for the global IP subnet identified in those NAT statements.

HTH

salman abid
Level 1

ssh 10.136.100.226 255.255.255.255 outside

The above command says to allow someone to SSH when the source IP of that request is "10.136.100.226 255.255.255.255" and it is coming from the "outside" interface. If your outside interface is connected to the internet then there is no chance that such a request will ever come true.

So possibly it's misconfigured or a typing error, and I'm sure if you remove it then there will be no impact on operation/management of your firewall.
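
The source-and-interface matching discussed in this thread, as an added example that is not part of the original posts: a small Python check that reads ASA configuration text, reports which client address and interface pairs the `ssh <ip> <mask> <interface>` lines permit, and flags the absent config prerequisites from the accepted answer. The function names, the sample configuration and its "inside" rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample configuration, not taken from a real device.
# The "inside" rule is an assumption added for contrast.
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
ssh version 2
ssh 10.136.100.226 255.255.255.255 outside
ssh 192.168.1.0 255.255.255.0 inside
username admin password YourPWord privilege 15
"""

def parse_ssh_rules(config):
    """Return (network, interface) for each 'ssh <ip> <mask> <interface>' line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "ssh":
            continue  # 'ssh version 2' and similar are settings, not source rules
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # four-word ssh setting whose second word is not an address
        rules.append((net, parts[3]))
    return rules

def ssh_allowed(rules, source_ip, interface):
    """True if a client at source_ip, arriving on interface, matches a rule."""
    addr = ipaddress.ip_address(source_ip)
    return any(iface == interface and addr in net for net, iface in rules)

def missing_prerequisites(config):
    """List the config commands from the answer that are absent.
    The RSA key pair is not checked: this example only reads config text."""
    lines = [l.strip() for l in config.splitlines()]
    missing = []
    if not any(l.startswith("aaa authentication ssh console ") for l in lines):
        missing.append("aaa authentication ssh console")
    if not any(l.startswith("username ") and " password " in l for l in lines):
        missing.append("username")
    return missing

if __name__ == "__main__":
    rules = parse_ssh_rules(SAMPLE_CONFIG)
    for ip, iface in [("10.136.100.226", "outside"), ("10.136.100.227", "outside"),
                      ("10.136.100.226", "inside")]:
        print(ip, iface, "permitted" if ssh_allowed(rules, ip, iface) else "refused")
    print("missing:", missing_prerequisites(SAMPLE_CONFIG))
```

With the 255.255.255.255 mask the rule matches exactly one client address, and only when the connection arrives on the named interface.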
