
Port 22 NATed how to log into Firewall

yamikani2g2
Level 1

Good day Experts,

Is there a way I can remotely log into my firewall, either from outside or inside? The issue is that the SSH port from outside is NATed to an inside host when accessed from the outside.

I have a host in the DMZ and allowed SSH to its IP address, but still no luck: I can't SSH into the firewall. How else can I remotely manage it?

I don't have a switch to implement out-of-band access on the mgt port.

Thanks


balaji.bandi
Hall of Fame

Not sure how your network is designed. Most of the time, if you are not able to allow connections directly to the FW from outside (not a good security practice), you can have a jump box that is allowed to access the FW from inside, as a best practice.

If this is the only FW serving internet for the business and it fails, you may need someone to physically connect to the console and give you access by some other means of connection to diagnose.

BB


vsurresh
Level 1
Hello.

When you say you can't log in, do you mean you are not even getting the login prompt on the DMZ server? Have you tried checking live logs via ASDM to make sure the SSH traffic is arriving on the FW?

Regards
Suresh

I can only log in via console. Remember the ports are mapped to servers.

thanks

Marvin Rhoads
Hall of Fame

As long as you first permit ssh from the server in the DMZ, you can use it to log into the firewall. You'd have to enter this into the firewall cli from config mode:

ssh <DMZ host address> 255.255.255.255 dmz
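
The following is an added example, not part of the thread and not Cisco tooling: a small audit of a saved running-config that lists which interfaces have an `ssh <address> <mask> <interface>` management rule and flags interfaces where tcp/22 on the interface address is forwarded to a server, the situation described in the question. The sample config, its addresses and the function names are constructed for illustration, and the port forward is assumed to be written in object-NAT form.

```python
import re

# Constructed sample running-config; names and addresses are illustrative,
# not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
interface GigabitEthernet0/1
 nameif inside
interface GigabitEthernet0/2
 nameif dmz
object network SRV-SSH
 host 10.0.0.5
 nat (inside,outside) static interface service tcp ssh ssh
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.10 255.255.255.255 dmz
ssh timeout 10
"""

NAMEIF = re.compile(r"^nameif (\S+)$")
SSH_RULE = re.compile(r"^ssh (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
# Object NAT port forward on the interface address: ... service tcp <real> <mapped>
PAT_RULE = re.compile(r"^nat \(\S+,(\S+)\) static interface service tcp \S+ (\S+)$")
SSH_PORTS = {"22", "ssh"}  # the ASA prints well-known ports by name


def audit_ssh_management(config):
    """Per interface: permitted SSH management sources, and whether tcp/22 on
    the interface address is forwarded to another host."""
    report = {}

    def entry(name):
        return report.setdefault(name, {"sources": [], "port22_forwarded": False})

    for line in map(str.strip, config.splitlines()):
        if m := NAMEIF.match(line):
            entry(m.group(1))
        elif m := SSH_RULE.match(line):
            entry(m.group(3))["sources"].append((m.group(1), m.group(2)))
        elif (m := PAT_RULE.match(line)) and m.group(2) in SSH_PORTS:
            entry(m.group(1))["port22_forwarded"] = True
    return report


def usable_management_interfaces(config):
    """Interfaces with a permitted source and no port-22 forward in the way."""
    return sorted(name for name, e in audit_ssh_management(config).items()
                  if e["sources"] and not e["port22_forwarded"])


if __name__ == "__main__":
    print(usable_management_interfaces(SAMPLE_CONFIG))
```

On the sample, only `dmz` is reported as usable: `outside` has a management rule but its port 22 is mapped to the server, and `inside` has no rule at all.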