Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
2
Replies

ASA5520

Go to solution
sweigle
Level 1
Level 1

‎11-20-2007 08:49 AM - edited ‎03-11-2019 04:33 AM

hello,

I'm having trouble with a security policy rule that is denying outbound connections. I am trying to allow outbound SSH connections to specific IP addresses. Therefore, I added a rule on the inside incoming interface that allows tcp source 192.168.0.0/24 dest ip-group tcp-service group. The ip-group consists of 3 IP addresses of servers. The TCP service group consists of tcp ports 902, 9999, ftp, ftp-data, and ssh. 902, 9999, ftp, ftp-data work fine, but the SSH does not work. I get a message in the log deny tcp src 192.168.0.x to x.x.x.x:22 on the internal access list.

I have a NAT rule for these connections, but it looks like the firewall denies it before the NAT rule takes affect.

Let me know if anyone has any suggestions. Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎11-20-2007 11:47 AM

Is there a Deny farther up the ACL? Any hit counts on the ACL for SSH? Can you post the entire log message (minus the IPs)?

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎11-20-2007 11:47 AM

Is there a Deny farther up the ACL? Any hit counts on the ACL for SSH? Can you post the entire log message (minus the IPs)?

0 Helpful

Go to solution
sweigle
Level 1
Level 1
In response to Collin Clark

‎11-20-2007 02:50 PM

thanks, you were right, there was something farther up the ACL that was denying thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card