ā04-20-2023 10:00 AM
i aded ssh 0.0.0.0 0.0.0.0 Outside but still cannot connect ssh to my outside interfae
do I also require any access-list?
do we have any example i can look at?
ā04-20-2023 10:16 AM
@nflnetwork that command should permit access SSH access from any IP address connecting on the outside interface, no ACL required.
Can you actually SSH to the ASA from any other interface?
Is authentication and RSA keypair already setup?
username admin password <password> privilege 15
crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh version 2
ā04-20-2023 11:04 AM
yes, it works on inside interface.
ā04-20-2023 10:16 AM
Try this way
Add new interfaces (any one)
Make it security level =0 and make security level of outside interface =1
Abd the try ssh to ASA
ā04-20-2023 10:48 AM - edited ā04-20-2023 10:50 AM
still not able to pass traffic.
ssh traffic on my outside interface OR inside traffic out to Outside other than ICMP
also noticing cannot get inside, outside traffic working now
i can ping 8.8.8.8 from inside host but cannot get anything else
no ACL should be required for this correct???
ge0/0 -wan
security level 1
ge 0/1 - lan
security level 100
nat (Inside,Outside) dynamic interface
ā04-20-2023 10:54 AM
No ACL require but there must be any interface in ASA that have security level lower than outside, add any dummy interface and check.
ā04-20-2023 10:58 AM
configured ge0/2 with security level 0
changed ge0/0 - wan to security level 1
same issue
ā04-20-2023 11:03 AM
if not solve you issue then check @Rob Ingram suggestion
ā04-20-2023 11:23 AM
Under g0/2
No shut
And check again.
Thanks
MHM
ā04-20-2023 11:26 AM
done. no change
ā04-20-2023 11:43 AM
Ok, last point to check is are you config any PAT of SSH in asa?
ā04-20-2023 11:53 AM
the only nat i have is
object network inside-subnet
subnet 192.168.254 255.255.255.0
nat (inside,outside) dynamic interface
ā04-20-2023 10:58 AM
@nflnetwork if you cannot from SSH from any interface do you even have the 3DES/AES license?
You didn't respond to the initial question regarding with you have a RSA keypair and authentication setup.
ā04-20-2023 11:12 AM
yes i can SSH from the inside interface - no issue
ā04-20-2023 11:21 AM
@nflnetwork so when you fail to SSH to the outside interface, where are you physically connected? You cannot be connected on the inside and SSH to the outside interface, that won't work. You'd need to SSH to the outside interface when connected on the outside.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide