Hi,
I cant ssh to inside interface access of ASA5505 firewall wihile ASDM and telnet are working. I have opened SSH access along with telnet and ASDM.
I can ssh to outside interface. Its very wied problem that SSH on inside interface is not working.
Below is the oconfiguration of my ASA5505 firewall. Any solution please
ASA Version 8.3(2)4
hostname MEL-ASA-01
domain-name xxxxxxxxxxxxxx
interface Vlan1
nameif inside
security-level 100
ip address 10.0.16.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xxxxxxxxxx 255.255.255.252
!
interface Vlan50
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
ip address 10.0.112.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 50
!
interface Ethernet0/7
switchport access vlan 50
!
boot system disk0:/asa832-4-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
access-list Inside_noNAT extended permit ip any object-group Edn_LAN
access-list Inside_noNAT extended permit ip any object VPN_Dialup
access-list Inside_noNAT extended permit ip object-group Edn_LAN interface inside
access-list Inside_OUT extended permit tcp object-group email_allowed_hosts object edn-exc-01 eq smtp
access-list Inside_OUT extended deny tcp any any eq smtp
access-list Inside_OUT extended permit ip any any
access-list Outside_IN extended permit icmp any any echo-reply
access-list Edinburgh_tun_acl extended permit ip object MEL_Lan object-group Edn_LAN
access-list Edinburgh_tun_acl extended permit ip object MEL_Lan object VPN_Dialup
pager lines 24
logging enable
logging trap critical
logging history critical
logging asdm warnings
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static any any destination static Edn_LAN Edn_LAN
nat (inside,any) source static any any destination static VPN_Dialup VPN_Dialup
!
object network obj_any
nat (inside,outside) dynamic interface
access-group Inside_OUT in interface inside
access-group Outside_IN in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http Edn_Svr 255.255.254.0 inside
http 10.0.16.0 255.255.255.0 inside
http xx.xx.xx.xx 255.255.255.224 outside
http Edn_Data 255.255.252.0 inside
snmp-server host inside 10.0.0.32 community ***** version 2c
snmp-server host inside 10.0.0.40 community ***** version 2c
snmp-server location Amsterdam
snmp-server contact
ts@xxxxxxxxxxxxxx
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
telnet Edn_Data 255.255.252.0 inside
telnet 10.0.16.0 255.255.255.0 inside
telnet Edn_Svr 255.255.254.0 inside
telnet timeout 5
ssh Edn_Svr 255.255.254.0 inside
ssh 10.0.16.0 255.255.255.0 inside
ssh Edn_Data 255.255.252.0 inside
ssh 172.16.1.16 255.255.255.255 inside
ssh edn-pix2 255.255.255.255 outside
ssh 94.175.211.224 255.255.255.224 outside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd option 150 ip 172.17.0.10
!
dhcpd address 10.0.16.128-10.0.16.192 inside
dhcpd dns 10.0.16.11 10.0.0.11 interface inside
dhcpd wins 10.0.0.11 10.0.0.12 interface inside
dhcpd lease 86400 interface inside
dhcpd ping_timeout 750 interface inside
dhcpd domain axiossystems.com interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.0.0.1 source outside prefer
webvpn
username xxxxx password xxxxxxxxxx encrypted privilege 15
tunnel-group xxxxxxxxxxxxx type ipsec-l2l
tunnel-group xxxxxxxxx ipsec-attributes
pre-shared-key *****
peer-id-validate cert
tunnel-group xxx type ipsec-l2l
tunnel-group xxxxxxxxxxxxx ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6xxxxxxxxxxxxxxxxxxxxxxxxxx
: end
