
Filter SSH access to Cisco ASA from Internet

anton_nikulin
Level 1

Hello,

I have an ASA 5520 with interface 'inside' in the local network and interface 'outside' facing the internet.

There is the line ssh 192.168.0.0 255.255.0.0 inside for access to the ASA from the local network, and a deny any any rule for incoming traffic on the 'outside' interface.

I see a lot of denied connections from different addresses to the 'outside' interface on the ASA in syslog. When I scan the outside interface with nmap from the internet, the tcp/22 port is marked as closed. Is there any possibility to make it filtered?

1 Accepted Solution


Marvin Rhoads
Hall of Fame

The syslog entries are just an indicator of the ASA doing its job of blocking the script kiddies from getting in to your firewall. I see them all the time on Internet-facing firewalls when the logging level is set high enough and there's an explicit deny on the inbound access-list (vs. the implicit deny any any that will be on the outside).

You can either lower the logging level (4 is recommended), filter that message, or change it to a level that's less important than your day-to-day level so it goes away as a recurring message that requires no action.
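An added example (not part of the thread and not Cisco code) that models the three options from the answer above on constructed ASA-style syslog lines: a destination level threshold, suppressing one message ID, and re-leveling one message ID. The message IDs, addresses and the function names `delivered` and `ids` are assumptions for illustration; the thread does not say which message the poster saw.

```python
import re

# Constructed sample lines in ASA syslog form: %ASA-<severity>-<message id>: text.
# Addresses are documentation ranges; the message IDs are assumed, not from the thread.
SAMPLE = [
    "%ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51515 to outside:203.0.113.1/22",
    '%ASA-4-106023: Deny tcp src outside:198.51.100.9/40022 dst inside:192.168.1.10/22 by access-group "outside_in"',
    "%ASA-6-106100: access-list outside_in denied tcp outside/198.51.100.7(51516) -> inside/192.168.1.10(22) hit-cnt 1 first hit",
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.20/4444 to inside:192.168.1.20/443",
]

PREFIX = re.compile(r"^%ASA-(?P<sev>[0-7])-(?P<mid>\d{6}): ")


def delivered(lines, threshold, disabled=(), relevel=None):
    """Return the lines a logging destination set to `threshold` still receives.

    threshold: severities 0..threshold are sent (a lower number is more severe).
    disabled:  message IDs suppressed entirely ("filter that message").
    relevel:   {message_id: new_severity} ("change it to a level that's less important").
    """
    relevel = relevel or {}
    kept = []
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not an ASA-format syslog line
        mid = m["mid"]
        sev = relevel.get(mid, int(m["sev"]))
        if mid in disabled or sev > threshold:
            continue
        kept.append(line)
    return kept


def ids(lines):
    """Message IDs of the given lines, in order."""
    return [PREFIX.match(line)["mid"] for line in lines]


if __name__ == "__main__":
    print("level 6:             ", ids(delivered(SAMPLE, 6)))
    print("level 4:             ", ids(delivered(SAMPLE, 4)))
    print("level 4, 710003 off: ", ids(delivered(SAMPLE, 4, disabled={"710003"})))
    print("level 4, denies -> 6:", ids(delivered(SAMPLE, 4, relevel={"710003": 6, "106023": 6})))
```

In this model a threshold of 4 drops only the severity-6 lines; a deny message that is itself severity 3 or 4 keeps arriving until it is suppressed or moved to a level above the threshold.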



Thank you very much
