We have a public /24 subnet delegated to us by our ISP. Due to how this connection is set up, I can't just allow what I need on the outside interface, which is ssh (on my other firewall I just do `ssh xx.xx.xx.xx 255.255.255.255 Outside` and that's it). But in this one, connections to my actual Outside interface are not allowed, so they have delegated a /24, and we currently use some of those IPv4 addresses for a public website, development, etc. (they are then translated to the internal host's private IPv4 address). The issue I have is that I need to pick one unused address (which I did) and allow a remote host to ssh to this IPv4 address on my side (one from the /24). I've created a rule that specifies that this remote host is allowed (tcp/22) and that the destination address is one of the /24 addresses. When this connection is attempted I can see that the ASA is receiving the request, but no connection can be completed, and the logs show "Duplicate TCP SYN From Inside ... with different initial sequence number".
I would like to know if this is possible to do, instead of just allowing the connection to an internal host, since the remote entity needs to be allowed to manage the firewall via ssh.
Regards
O