cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1876
Views
5
Helpful
17
Replies

unable to ssh to ASA on outside interface?

nflnetwork
Level 1
Level 1

i aded ssh 0.0.0.0 0.0.0.0 Outside but still cannot connect ssh to my outside interfae 

 

do I also require any access-list?

 

do we have any example i can look at?

17 Replies 17

@nflnetwork that command should permit access SSH access from any IP address connecting on the outside interface, no ACL required.

Can you actually SSH to the ASA from any other interface?
Is authentication and RSA keypair already setup?

Example - https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118075-configure-asa-00.pdf

username admin password <password> privilege 15
crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh version 2

 

yes, it works on inside interface. 

Try this way

Add new interfaces (any one)

Make it security level =0 and make security level of outside interface =1

Abd the  try ssh to ASA

still not able to pass traffic.

 

ssh traffic on my outside interface OR inside traffic out to Outside other than ICMP 

 also noticing cannot get inside, outside traffic working now 

 

i can ping 8.8.8.8 from inside host but cannot get anything else 

 

no ACL should be required for this correct???

 

ge0/0 -wan 

security level 1

 

ge 0/1 - lan 

security level 100

nat (Inside,Outside) dynamic interface 

 

No ACL require but there must be any interface in ASA that have security level lower than outside, add any dummy interface and check.

configured ge0/2 with security level 0 

changed ge0/0 - wan to security level 1

same issue 

if not solve you issue then check @Rob Ingram  suggestion 

Under g0/2

No shut 

And check again. 

Thanks 

MHM

done. no change

Ok, last point to check is are you config any PAT of SSH in asa? 

the only nat i have is 

 

object network inside-subnet
subnet 192.168.254 255.255.255.0
nat (inside,outside) dynamic interface

 

@nflnetwork if you cannot from SSH from any interface do you even have the 3DES/AES license?

You didn't respond to the initial question regarding with you have a RSA keypair and authentication setup.

yes i can SSH from the inside interface - no issue 

@nflnetwork so when you fail to SSH to the outside interface, where are you physically connected? You cannot be connected on the inside and SSH to the outside interface, that won't work. You'd need to SSH to the outside interface when connected on the outside.

 

Review Cisco Networking for a $25 gift card