How can I map SSH from an outside network range to an internal host (ASA 5505)

Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

- External network range that needs SSH access: 8.8.8.0/24

- Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)

- Inside Network: 192.168.100.0/24

- Inside host to redirect external SSH to: 192.168.100.98

Hi All,

I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought.

Can anyone help with this? What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?

Many thanks,

Tarran

Hall of Fame Guru

Tarran

What do you mean by this -

Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)

Does the outside interface have a public IP, i.e. 7.7.7.7, or a private IP, 10.1.10.2?

If it is 10.1.10.2, where is this NATed to 7.7.7.7, i.e. on what device?

Jon

Beginner

It has a private IP, 10.1.10.2, but someone from the outside world would SSH to 7.7.7.7, as it is NAT'd from the ISP modem.

Hall of Fame Guru

This may or may not work depending on how your modem handles the natting. On your firewall try this -

static (inside,outside) tcp interface 22 192.168.100.98 22

Then add this to your ACL on the outside interface of your ASA -

access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22

If you don't have an ACL applied, then add this extra step -

access-group outside_in in interface outside

Jon
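
The configuration from the answer above gathered into one block with verification commands, as an added example that is not part of Jon's post. The test source addresses (8.8.8.10, 203.0.113.5), the source port 1025 and the object name SSH_HOST are assumptions, and the 8.3+ comparison at the end goes beyond what the thread covers.

```cisco
! Added example. Pre-8.3 syntax, matching ASA 7.2(4) from the question.
! Addresses and the ACL name outside_in are the ones used in the thread.
! The ISP modem must still forward TCP/22 on 7.7.7.7 to 10.1.10.2.

! 1. Static PAT: TCP/22 on the outside interface address -> inside host TCP/22
static (inside,outside) tcp interface 22 192.168.100.98 22 netmask 255.255.255.255

! 2. Permit only the external range. Before 8.3 the interface ACL is matched
!    against the mapped (outside) address, so the destination is 10.1.10.2,
!    not 192.168.100.98.
access-list outside_in extended permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22

! 3. Bind the ACL inbound on the outside interface (skip if already applied)
access-group outside_in in interface outside

! --- Verification ---
! Simulated SYN from inside the permitted range (sample source 8.8.8.10:1025):
! expect the ACL phase to allow it and the static rule to untranslate to 192.168.100.98
packet-tracer input outside tcp 8.8.8.10 1025 10.1.10.2 22 detailed

! Same packet from outside the range (203.0.113.5 is a documentation address):
! expect a drop at the access-list phase via the implicit deny
packet-tracer input outside tcp 203.0.113.5 1025 10.1.10.2 22

! Confirm the port translation is installed and the permit entry is counting hits
show running-config static
show xlate
show access-list outside_in

! --- For comparison only: the same policy on ASA 8.3 and later ---
! NAT moves into a network object, and the ACL now references the REAL
! (inside) address of the host instead of the mapped one.
! object network SSH_HOST            (hypothetical object name)
!  host 192.168.100.98
!  nat (inside,outside) static interface service tcp 22 22
! access-list outside_in extended permit tcp 8.8.8.0 255.255.255.0 host 192.168.100.98 eq 22
```

If the first packet-tracer run passes but real connections still fail, the hit counter on outside_in staying at zero points at the modem not forwarding TCP/22 rather than at the ASA.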


Beginner

BAM. Thank you Jon - worked a treat.