08-01-2008 12:20 PM - edited 03-11-2019 06:24 AM
Folks,
I'm new to the ASA and I have a newly configured ASA 5540. I'm trying to SSH through it to an external router.
Routes etc. are all OK.
When I try an SSH I can see the outbound session built, but the inbound reply is denied.
I suspect this is because SSH is not included in the inspect rule for the inside interface.
Is this a possibility, and if so, how do I get round this?
Thanks to anyone taking the time to reply.
PS - I have another post on the way re configuring DNS through the same ASA, so I'm grateful to anyone taking the time to look at any of these posts.
Labels: NGFW Firewalls
Accepted Solutions
08-03-2008 06:30 PM
Are you sure the ASA is denying this traffic, or the router? What are you seeing in the log (which makes you suspect that the ASA is denying this traffic)?
The setup is like this, as per my understanding?
ASA Outside (SSH client) >> Router (SSH server)
Also, if the router is more than one hop away, make sure the router knows how to reach the ASA's outside interface.
Regards
Farrukh
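The checks Farrukh asks for (what the ASA logs, and whether the far end has a return route) map to a handful of ASA and IOS commands. The block below is an added example for this thread, not something posted by any participant; the PC address 10.1.1.50, the router address 203.0.113.1 and the interface name "inside" are placeholders chosen for illustration and must be replaced with the real values.

```text
! Added example (not from the thread): where to look on the ASA when an
! inside-to-outside SSH session is built but never completes.
! 10.1.1.50 = the admin PC, 203.0.113.1 = the upstream router (placeholders).

! 1. Is the connection built, and does it stay half-open?
!    A TCP conn that never receives the SYN/ACK stays embryonic until the
!    ASA tears it down.
show conn address 203.0.113.1 port 22

! 2. What does the ASA itself say about the flow?
!    A %ASA-6-302014 teardown with reason "SYN Timeout" means the outbound
!    SYN was forwarded and nothing came back from the router.
!    A 106xxx "Deny" message would mean the ASA dropped a packet itself,
!    which is the case to investigate on the firewall.
show logging | include 203.0.113.1

! 3. Run the flow through ACLs, NAT and routing without sending real traffic
!    (packet-tracer is available on ASA 7.2 and later; 12345 is an arbitrary
!    ephemeral source port).
packet-tracer input inside tcp 10.1.1.50 12345 203.0.113.1 22

! 4. On the IOS router (not the ASA): does it know a route back to the
!    address it sees as the source? If the PC is NATed behind the ASA, that is
!    the ASA's outside address rather than 10.1.1.50.
show ip route 10.1.1.50
```

If step 2 shows only SYN timeouts and step 3 reports the packet as allowed, the ASA is not the component dropping the reply, and step 4 on the router is the next place to look.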
08-01-2008 02:07 PM
Review the configuration and go over this link. The most common issue is not having the aaa authentication ssh console LOCAL statement in your config. Read the link and compare your configuration; if there are still problems, get back to us.
HTH
Jorge
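For reference, the statement Jorge mentions belongs to the set of commands that enable SSH management access to the ASA itself. The following is an added example for this thread, not the poster's configuration or the contents of the link; the hostname, domain name, username, 2048-bit key size and the 10.1.1.0/24 admin subnet are assumptions chosen for illustration.

```text
! Added example (not from the thread): minimal ASA config for SSH *to* the
! firewall from the inside network. Names and addresses are placeholders.
hostname asa5540
domain-name example.local

! Local account used to log in over SSH
username netadmin password <strong-password> privilege 15

! Without this line the ASA does not consult the local user database for
! SSH logins, which is the omission Jorge describes
aaa authentication ssh console LOCAL

! Host key the SSH server needs (generate once, then save the config)
crypto key generate rsa modulus 2048

! Restrict SSH to the admin subnet on the inside interface only
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 10
ssh version 2

write memory
```

Note that this only governs SSH sessions terminating on the ASA; traffic that passes through the firewall to another host is handled by the access policy, not by these lines.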
08-03-2008 01:19 PM
Jorge,
Thanks for the reply.
I was able to use your link to set up SSH to the box, so many thanks, but my problem is SSH through the box to a router on its outside interface.
I think I need to enable SSH in the default inspection rule but I don't know how.
Thanks again for your reply.
08-03-2008 04:55 PM
Michael, can you post your config, stripping out public IP info? There is no need for SSH inspection. Post the config so we can take a look.
I suppose you are trying to SSH into the ASA from the outside internet towards the ASA's outside IP address, or are you trying to SSH to the outside interface from the inside LAN? Can you clarify?
08-04-2008 12:20 PM
Farrukh,
Many thanks for your efforts, they are greatly appreciated.
The problem seems to be with the upstream router I'm trying to log on to - it seems to have lost a route back to my PC.
I'm very grateful for your reply.
08-04-2008 12:18 PM
Jorge,
Many thanks for your replies to my problem - they are greatly appreciated.
I think the problem is with the upstream router; I think it has lost a route back to my PC. I say this because I see lots of SYN timeouts when trying to complete the handshake.
Again, many thanks for your time.
