telnet & ssh to the zone based firewall router interface from Inside network behind NAT device

arumugasamy
Level 1

Dear All,

I am using the ZBFW on my edge router. Users are behind the firewall, and NAT for the internal user networks is configured on an ASA 5510 which is running the 8.4 image. I want to SSH to the zone-based firewall inside interface in order to manage it from the inside network. Right now it is not working because the zone-pair is between inside and outside with inspect. There is no config for inside to self.

Could you give an example script for my requirement? My IP address is 172.16.1.100/24. The firewall-mapped IP for it is 192.168.1.1. Then 192.168.1.1 is one-to-one NATed in the power link load balancing device to 45.45.45.1, and the ZBFW inside IP is 45.45.45.2. If I SSH to 45.45.45.2 from 172.16.1.100, it does not succeed. Please.

Thx

2 Replies

If you don't have a zone-pair with policy for inside to self, then the access to the router is allowed by default. The problem has to be somewhere else. Perhaps it's caused by having an overly complex setup?

Start your troubleshooting by enabling icmp and ssh-debug on the router and ping/ssh to the router. Observe the debug to see if there is something wrong.

Karsten,

Thanks for your comments. Do you believe the issue is there because there is no inside-to-self policy in the zone-pair? Can you suggest adding one more zone-pair to apply to inside to self?

Thx
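For reference, an added example that is not part of the thread or from any poster: an inside-to-self zone-pair that limits management access to SSH from the translated address the router actually sees (45.45.45.1, per the NAT chain in the question). The zone name `INSIDE` and the ACL, class-map, policy-map and zone-pair names are assumptions.

```cisco
! Added example, not from the thread. Names below are hypothetical;
! the addresses are the ones given in the original question.
!
! After the ASA and the load balancer translate 172.16.1.100, the router
! sees the session arriving from 45.45.45.1, so the ACL matches that
! address, not 172.16.1.100 or 192.168.1.1.
ip access-list extended ACL-MGMT-SSH
 permit tcp host 45.45.45.1 host 45.45.45.2 eq 22
!
class-map type inspect match-all CM-MGMT-SSH
 match access-group name ACL-MGMT-SSH
!
policy-map type inspect PM-INSIDE-TO-SELF
 ! Stateful inspection lets the SSH return traffic back out without
 ! a separate self-to-inside zone-pair.
 class type inspect CM-MGMT-SSH
  inspect
 ! Once this zone-pair exists, the "allowed by default" behaviour for
 ! inside-to-self no longer applies: anything not matched above is
 ! dropped, including ICMP and any routing or DHCP traffic addressed
 ! to the router from the inside zone. Add classes for those if needed.
 class class-default
  drop log
!
! "INSIDE" is assumed to be the existing zone on the inside interface.
zone-pair security ZP-INSIDE-SELF source INSIDE destination self
 service-policy type inspect PM-INSIDE-TO-SELF
!
! Keep the vty lines themselves restricted to SSH as well.
line vty 0 4
 transport input ssh
```

`show policy-map type inspect zone-pair ZP-INSIDE-SELF sessions` shows whether the SSH session matched the inspect class; hits on `class-default` with `drop log` appear in the router log.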
