09-12-2014 06:28 AM - edited 03-11-2019 09:45 PM
Hello
I have an ASA 5520 and I need to access an internal server via SSH. The traffic goes from e0/0 to e0/2. It is a very simple config, but it is not working.
Can anyone help?
Thanks
09-12-2014 11:44 AM
Hello,
As you said, it is a really straightforward configuration, and you already had it right :) which is good.
Now, to determine what is going on, please create captures:
cap capout interface outside match tcp any host 200.80.209.69 eq 22
cap capin interface inside match tcp any host 10.216.60.25 eq 22
Then generate one connection and provide us with:
show cap capin
show cap capout
Regards
Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://inetworks.cr/our-rates/
09-12-2014 04:11 PM
Hello sir
I don't have the option "match"
capture cap interface outside ?
access-list Capture packets that match access-list
buffer Configure size of capture buffer, default is 512 KB
circular-buffer Overwrite buffer from beginning when full, default is
non-circular
ethernet-type Capture Ethernet packets of a particular type, default is IP
packet-length Configure maximum length to save from each packet, default
is 68 bytes
trace Trace the captured packets
Thanks.
09-12-2014 04:46 PM
You can try the following instead:
access-list CAPOUT permit tcp any host 200.80.209.69 eq 22
access-list CAPIN permit tcp any host 10.216.60.25 eq 22
capture cap-in interface inside access-list CAPIN
capture cap-out interface outside access-list CAPOUT
show capture cap-in
show capture cap-out
--
Please remember to select a correct answer and rate helpful posts
09-12-2014 01:21 PM
Chances are that there is a configuration error on the server you are trying to SSH to. I suggest checking that the server is set up to listen on port 22 and that SSH is not being blocked by any installed software firewall such as Windows Firewall or some other such as Symantec, etc.
--
Please remember to select a correct answer and rate helpful posts
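Added example (not part of the thread and not Cisco's code): one way to read the two captures requested above side by side and tell an ASA drop apart from the server-side problem suggested in the last reply. The tcpdump-like line format, the client address 198.51.100.7, the sample packets and the function names are all constructed assumptions, as is a static NAT of 200.80.209.69 to 10.216.60.25.

```python
import re

# Assumed tcpdump-like line format of ASA "show capture" output.
PKT = re.compile(r"^\s*\d+:\s+\S+\s+(\d+(?:\.\d+){3})\.(\d+) > "
                 r"(\d+(?:\.\d+){3})\.(\d+):\s+([SFRP.]+)\s(.*)$")

def parse(text):
    """Return (src, sport, dst, dport, kind) for every TCP line in a capture."""
    pkts = []
    for line in text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # skip headers such as "2 packets captured"
        src, sport, dst, dport, flags, rest = m.groups()
        if "R" in flags:
            kind = "RST"
        elif "S" in flags:
            kind = "SYN-ACK" if " ack " in " " + rest else "SYN"
        else:
            kind = "OTHER"
        pkts.append((src, int(sport), dst, int(dport), kind))
    return pkts

def triage(outside, inside, public_ip, server_ip, port=22):
    """Compare the outside and inside captures and name where the SYN stops."""
    out, ins = parse(outside), parse(inside)
    if not any(p[2:] == (public_ip, port, "SYN") for p in out):
        return "NO_SYN_OUTSIDE"   # nothing reached the ASA: look upstream
    if not any(p[2:] == (server_ip, port, "SYN") for p in ins):
        return "DROPPED_BY_ASA"   # seen outside, never forwarded: NAT or ACL
    replies = {p[4] for p in ins if p[:2] == (server_ip, port)}
    if "RST" in replies:
        return "SERVER_REFUSED"   # nothing listening, or host firewall rejects
    if "SYN-ACK" not in replies:
        return "SERVER_SILENT"    # sshd down, host firewall drop, return route
    return "SERVER_ANSWERED"

# Constructed sample captures (not taken from the thread).
OUTSIDE = """2 packets captured
   1: 10:15:21.100001 198.51.100.7.51514 > 200.80.209.69.22: S 111:111(0) win 8192
"""
INSIDE = """2 packets captured
   1: 10:15:21.100420 198.51.100.7.51514 > 10.216.60.25.22: S 111:111(0) win 8192
   2: 10:15:21.100900 10.216.60.25.22 > 198.51.100.7.51514: R 0:0(0) ack 112 win 0
"""

if __name__ == "__main__":
    print(triage(OUTSIDE, INSIDE, "200.80.209.69", "10.216.60.25"))
```

The reply checks only work on a capture that records both directions. The access-lists posted in the thread match client-to-server packets only, so with them a healthy server would also show up as SERVER_SILENT.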