SSH error configuration

opnine
Level 1

Hello

I have an ASA 5520 and I need to access an internal server via SSH. This goes from e0/0 to e0/2; it is a very simple config, but it is not working.

Can anyone help?

Thanks


4 Replies

Julio Carvajal
VIP Alumni

Hello,

As you said, it is a really straightforward configuration and you already had it right :) which is good.

Now, to determine what is going on, please create captures:

cap capout interface outside match tcp any host 200.80.209.69 eq 22

cap capin interface inside match tcp any host 10.216.60.25 eq 22

Then generate one connection and provide us:

show cap capin

show cap capout

Regards

Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://inetworks.cr/our-rates/

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello sir

I don't have the option "match"

capture cap interface outside ?

  access-list      Capture packets that match access-list
  buffer           Configure size of capture buffer, default is 512 KB
  circular-buffer  Overwrite buffer from beginning when full, default is
                   non-circular
  ethernet-type    Capture Ethernet packets of a particular type, default is IP
  packet-length    Configure maximum length to save from each packet, default
                   is 68 bytes
  trace            Trace the captured packets

Thanks.

Accepted Solution

You can try the following instead:

access-list CAPOUT permit tcp any host 200.80.209.69 eq 22

access-list CAPIN permit tcp any host 10.216.60.25 eq 22

capture cap-in interface inside access-list CAPIN

capture cap-out interface outside access-list CAPOUT

show capture cap-in

show capture cap-out

--
Please remember to select a correct answer and rate helpful posts

Chances are that there is a configuration error on the server you are trying to SSH to. I suggest checking that the server is set up to listen on port 22 and that SSH is not being blocked by any installed software firewall such as Windows Firewall or some other such as Symantec, etc.

--
Please remember to select a correct answer and rate helpful posts
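
To read the two captures requested in the replies above, this added example (not code from any poster in this thread) parses `show capture` text and reports where the TCP handshake to port 22 stops. It assumes the tcpdump-like packet line layout shown in the first comment and that 200.80.209.69 on the outside is translated to 10.216.60.25 on the inside; the sample packets and the client address 198.51.100.7 are constructed.

```python
import re

# Packet line in ASA "show capture" text output (tcpdump-like layout, assumed):
#    1: 14:07:12.345678 198.51.100.7.49152 > 10.216.60.25.22: S 100:100(0) win 8192
PKT = re.compile(r"^\s*\d+:\s+\S+\s+(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+(\S+)(.*)$")

def events(capture_text, server_ip, port=22):
    """Return which of 'syn', 'synack', 'rst' appear for server_ip:port."""
    seen = set()
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # skip "N packets captured" and other non-packet lines
        src, sport, dst, dport, flags, rest = m.groups()
        has_ack = " ack " in rest
        if dst == server_ip and int(dport) == port:
            if "S" in flags and not has_ack:
                seen.add("syn")
        elif src == server_ip and int(sport) == port:
            if "S" in flags and has_ack:
                seen.add("synack")
            elif "R" in flags:
                seen.add("rst")
    return seen

def diagnose(cap_out, cap_in, outside_ip, inside_ip, port=22):
    """Compare both captures and name the hop where the TCP handshake stops."""
    out, ins = events(cap_out, outside_ip, port), events(cap_in, inside_ip, port)
    if "syn" not in out:
        return "SYN never reached the outside interface"
    if "syn" not in ins:
        return "ASA did not forward the SYN: check NAT and ACLs"
    if "rst" in ins:
        return "server answered with RST: port closed or rejected on the host"
    if "synack" not in ins:
        return "server silent: check the SSH daemon and host firewall"
    if "synack" not in out:
        return "SYN-ACK lost on return through the ASA"
    return "handshake passes the ASA in both directions"

# Constructed sample: the client retries its SYN and the server never replies.
SAMPLE_OUT = """2 packets captured
   1: 14:07:12.345678 198.51.100.7.49152 > 200.80.209.69.22: S 100:100(0) win 8192 <mss 1460>
   2: 14:07:15.345901 198.51.100.7.49152 > 200.80.209.69.22: S 100:100(0) win 8192 <mss 1460>
2 packets shown"""
SAMPLE_IN = SAMPLE_OUT.replace("200.80.209.69", "10.216.60.25")

if __name__ == "__main__":
    print(diagnose(SAMPLE_OUT, SAMPLE_IN, "200.80.209.69", "10.216.60.25"))
```
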