Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
937
Views
0
Helpful
1
Replies

Configure SSH access on ASA 5508-X

taikunwai
Beginner
Beginner

‎01-23-2018 01:51 AM - edited ‎02-21-2020 07:11 AM

Hi..

I have a ASA 5508-X. Outside interface IP is 203.81.x.x and Inside interface IP is 10.10.x.x. I want to access from a ssh client (eg: 10.10.1.9) in inside network to ssh server (eg: 64.20.8.42) on Internet. How can I configure to allow ssh access through ASA 5508-X. 

Labels:
0 Helpful
1 Reply 1

Bogdan Nita
Rising star
Rising star

‎01-23-2018 06:53 AM

If you have an access-list configured on the inside interface you will need to allow the traffic.

If you do not have an access-list on the inside interface traffic should be allowed according to the security-level.

Also you would need to configure a NAT in order to access public IPs.

 

see access-lists applied to interfaces:

show runn access-group

allow ssh traffic:

access-list <acl_name> line 1 extended permit tcp host 10.10.1.9 host 64.20.8.42 eq ssh

NAT:

object network NET_10.10.x.x
subnet 10.10.0.0 255.255.0.0

!

nat (inside,outside) source dynamic NET_10.10.x.x interface

 

A great way to check everything works is packet-tracer:

packet-tracer input inside tcp 10.10.1.9 1025 64.20.8.42 ssh

 

HTH

Bogdan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents