Hello - thanks for your reply.  I saved a copy of "sh run" so I've extracted most of the information you require below.  

Is there anything that would prevent SSH from running/listening on a non-svi interface/IP? I just dont know why it would work on an SVI but not an L3 interface. Its like the service just isn't responding to ssh on the L3 interface.

Here are the details:

1) The SVI where ssh works when I connect to the switch and ssh directly:

interface Vlan10
  ip address 192.168.12.100 255.255.255.0
!

2) The L3 interface where SSH does not work (but ping works just fine) when coming from internet:

interface GigabitEthernet1/48
  no switchport
  ip address XXX.XXX.XXX.30 255.255.255.252
!

3) ACL 99 for securing vty:

access-list 99 permit aaa.bbb.ccc.18
access-list 99 permit aaa.bbb.ccc.122
access-list 99 permit 192.168.1.0 0.0.0.255
access-list 99 permit 192.168.11.0 0.0.0.255
access-list 99 permit 192.168.12.0 0.0.0.255
access-list 99 permit 192.168.111.0 0.0.0.255
access-list 99 permit 192.168.222.0 0.0.0.255
access-list 99 deny any log

4) line config:

line con 0
   logging synchronous
   transport preferred none
   stopbits 1
line vty 0 4
   access-class 99 in
   logging synchronous
   transport preferred none
   transport input ssh
line vty 5 15
   access-class 99 in
   logging synchronous
   transport preferred none
   transport input ssh
!

5) Routing lines from sh run:

ip default-gateway XXX.XXX.XXX.29
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.29

6) Other notes

-I'm running this version: cat4500-entservicesk9-mz.150-2.SG10.bin

-I've tried rebooting the switch

Any assistance would be greatly appreciated, thank you!

Thank you for the detailed information.

1. Quick test, if you remove ACL in from VTY Line does this work ?

2. What is the IP from Public you try to connect to in ? .18 or .122 ? or any one not working ? 

3. how about other Public IP address ( i know you have mentioned other getting access - not confirmed from Internet or local).

3. Also other side these interface configured /32 IP address as point to point (i am guessing)  - is this Public Address or private.

4. If this Interface configured as Private addres space - Do you have NAT for these IP address configured for that interface. ?

Other part we are not sure, if some one configured IP SSH Source interface 

like below syntax allow you  to configure :

config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH
                          connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported

Hello - thanks again for your continued help. Answers to your questions:

1) If I try to to ssh to the L3 interface/IP from an IP that is not in the ACL then I get "connection refused". 

When I try to ssh to the L3 interface/IP from an IP that is IN the ACL then I get "connection timed out".  

This tells me that the ACL is working because it rejects IP's not in the ACL, but when it lets traffic through there is nothing "listening" on the L3 interface so it times out?

2) To clarify, the switch only has 2 IP's: 

i) SVI on VLAN 10 configured as follows (private IP on VLAN 10):

interface Vlan10
  ip address 192.168.12.100 255.255.255.0
!

ii) An L3 interface configured as follows (connected to the internet, public IP):

interface GigabitEthernet1/48
  no switchport
  ip address XXX.XXX.XXX.30 255.255.255.252
!

When I connect my laptop directly to an access port ( switchport access vlan 10; switchport mode accesss) and ssh to the SVI it works fine as per my initial (of course I give my laptop a static IP within the VLAN10 subnet).

However, when I try to SSH to the L3/IP which is public it does not work (timeout).  Ping works fine.  Also, note that I also tried connecting my laptop directly to the L3 port (instead of it going to the gateway) and I assigned the gateway's IP to my laptop and I could ping the L3 interface but again ssh just times out.

3) All putlic IP in the ACL gets gets "connection timed out".  If I try from an IP that isn't in the ACL then I get "connection refused". 

4) The SVI is private IP space.  The L3 interface is public IP.  See my initial post, I can ping just fine so there is connectivity. Also, I get "connection refused" if the source internet IP is NOT in ACL, and I get "connection timed out" if it is in the ACL... so I think this means the ACL is working - it blocks unknown IP's, and it allows known IP's through - but then it times out because L3 interface is not listning for ssh?  not sure

5) regarding IP ssh source interface - isn't this for OUTBOUND ssh. So if I'm already on the switch and I try to connect to another ssh?  How does this affect this scenario. I can run this command tomorrow to advise you as I dont have the switch with me and remote ssh isn't working yet (as per this post)

thanks again - any thoughts?

If you saved a copy of the running config it would be helpful to see it. I am especially interested in the possibility of some type of control plane policing or other control that would restrict access using SSH.

Thanks for the input and explanation. it is much clear about the problem.

1. Just to clarify some of the things before we go deep, i still remove ACL in from VTY and Test - Is this works ?

2. Post complete configuration, there may be small piece of information we missing here.