04-30-2007 12:01 PM - edited 03-11-2019 03:07 AM
I need to allow a vendor to get ssh access to a device on my inside network. Of course I want to limit where the ssh is coming from and going to. Do the lines below look sufficient?
access-list acl_out permit tcp host outside.vendor.ip host my.outside.ip eq ssh
static (inside,outside) tcp my.outside.ip ssh my.internal.ip ssh netmask 255.255.255.255 0 0
Accepted Solutions

04-30-2007 12:06 PM
Yes, unless "my.outside.ip" is the IP of your outside interface. In that case, replace "my.outside.ip" with the keyword "interface". Also apply the ACL with "access-group acl_out in interface outside".
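An added example, not part of the original thread: a small Python check that reads PIX-style lines like the ones above and reports a port-forward whose ACL is missing, not applied with access-group, or not limited to a single source host. The function name `audit`, the sample addresses (documentation ranges) and the `interface outside` ACL form for the interface-address case are assumptions made for this example.

```python
import re

# Constructed sample: the question's two lines plus the access-group line from
# the answer; addresses are documentation-range placeholders.
SAMPLE = """\
access-list acl_out permit tcp host 198.51.100.7 host 203.0.113.10 eq ssh
static (inside,outside) tcp 203.0.113.10 ssh 192.0.2.25 ssh netmask 255.255.255.255 0 0
access-group acl_out in interface outside
"""

ADDR = r"(any|host \S+|interface \S+|\S+ \S+)"
ACL_RE = re.compile(rf"access-list (\S+) permit tcp {ADDR} {ADDR} eq (\S+)\s*$")
STATIC_RE = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) \S+ \S+")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside\s*$")
PORTS = {"ssh": "22"}  # name-to-number map, only what this example needs


def audit(config):
    """Return findings for every static TCP port-forward in a PIX-style config."""
    permits, bound, statics = [], set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            name, src, dst, port = m.groups()
            permits.append((name, src, dst, PORTS.get(port, port)))
        elif m := STATIC_RE.match(line):
            statics.append((m.group(1), PORTS.get(m.group(2), m.group(2))))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))

    findings = []
    for addr, port in statics:
        # A forward on the interface address is matched by "interface outside".
        want = "interface outside" if addr == "interface" else f"host {addr}"
        hits = [p for p in permits if p[2] in (want, "any") and p[3] == port]
        if not hits:
            findings.append(f"{addr}:{port} forwarded but no ACL permits it")
        for name, src, _, _ in hits:
            if name not in bound:
                findings.append(f"{name} is not applied with access-group")
            if not src.startswith("host "):
                findings.append(f"{name} does not limit the source to one host")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```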

