02-08-2012 12:39 PM
I have a newly installed 5505 ASA device - and I am not that familiar with it yet. In fact, I only have a moderate level of experience in configuring routers at all.
We have an outside vendor who requires access to a phone device inside our network (ip 192.168.1.247) using TCP on port 22. When I try to configure, it seems to automatically translate port 22 to SSH service.
A) I cannot find anyting to indicate, but maybe I need to diable (?) SSH or change the default port for SSH?
B) I cannot find any clear steps to configure the port forwarding. I assume I need to establish an ACE, then a NAT Rule. Should that NAT include PAT? (This is where my 22 keeps changing to SSH and will not save.)
Any help would be appreciated. (Going slow for the novice would be appreciated even more.)
02-08-2012 06:41 PM
Ssh is typically bound to tcp port 22.
Sent from Cisco Technical Support iPad App
02-09-2012 10:39 AM
Eric
You can enter numeric 22 in the access list or NAT or PAT configuration and the ASA will automatically convert that to SSH. That conversion does not cause problems in and of itself.
Here are some things to think about that may help you find a solution:
- for the vendor to access the phone device on an inside private address the ASA will need some type of static translation.
- if you just did a translation that any incoming TCP port 22 connection translates to the inside address that would probably allow the vendor to access the phone device. But it would prevent any other incoming SSH access (which might or might not be a problem depending on your circumstances).
- if you have some available public address on the ASA other than the IP on the outside interface you might be able to do a static translation so that the public interface translates to the inside private address. This may be the most simple solution (but does require an available address).
- if the vendor could make that access request use a different destination port (perhaps 2222) then you could do a translation on the ASA such that any incoming TCP 2222 gets translated to the inside IP address and port 22.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide