SSH and access-list problem

I have a 1710 acting as a router and VPN end point. I want to ssh from the outside but this is not working. I can ssh from the inside no problem. Everything points to an access-list issue. Can anyone help? see last line of ac100.
here's a dump of the ac:
-----------------------------------------------------------------------------
access-list 1 permit 192.168.42.0 0.0.0.255
access-list 1 permit 192.168.43.0 0.0.0.255
access-list 100 remark +-----------------------------------------------------+
access-list 100 remark +     INPUT ACCESS-LIST APPLIED ON INT. Eth 0         +
access-list 100 remark + This access-list control internet traffic coming in +
access-list 100 remark +  It also control traffic through the IPSEC tunnel   +
access-list 100 remark +-----------------------------------------------------+
access-list 100 permit udp host 137.122.252.230 host 199.243.179.226 eq isakmp
access-list 100 permit esp host 137.122.252.230 host 199.243.179.226
access-list 100 permit ip 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 100 permit icmp 192.168.43.0 0.0.0.255 192.168.42.0 0.0.0.255
access-list 100 permit icmp any 199.243.179.224 0.0.0.7 echo-reply
access-list 100 permit icmp any 199.243.179.224 0.0.0.7 time-exceeded
access-list 100 permit icmp any 199.243.179.224 0.0.0.7 traceroute
access-list 100 permit icmp any 199.243.179.224 0.0.0.7 unreachable
access-list 100 permit tcp any host 199.243.179.228 eq smtp
access-list 100 permit tcp 9.23.185.0 0.0.0.255 host 199.243.179.226 eq telnet
access-list 100 permit tcp any host 199.243.179.226 eq 22
access-list 104 remark +-----------------------------------------------------+
access-list 104 remark +  INPUT ACCESS-LIST APPLIED ON INT. FastEthernet 0   +
access-list 104 remark +-----------------------------------------------------+
access-list 104 permit ip 192.168.42.0 0.0.0.255 any
access-list 104 permit icmp any any
access-list 110 remark +-----------------------------------------------------+
access-list 110 remark +    This access-list is used for the IPSEC tunnel    +
access-list 110 remark +          It tell witch traffic to encrypt           +
access-list 110 remark +                                                     +
access-list 110 remark +-----------------------------------------------------+
access-list 110 permit ip 192.168.42.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 120 deny   ip 192.168.42.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 120 deny   ip host 192.168.42.2 192.168.43.0 0.0.0.255
access-list 120 permit ip 192.168.42.0 0.0.0.255 any
access-list 130 deny   ip host 192.168.42.6 192.168.43.0 0.0.0.255
access-list 130 permit ip host 192.168.42.6 any
!
route-map mailserver permit 10
 match ip address 130
!
route-map nonat permit 10
 match ip address 120
-------------------------------------------------------------------------------------------------
kdb01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

stressedout2004Commented:
Config looks good. Do you have any access-class configured under line vty?
Can you post your line vty config?

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
noctotCommented:
  I know SSH uses both TCP and UDP port 22 but I don't know what it uses UDP for exactly. You might want to try allowing UDP traffic as well.
   On a side note, make sure you are using SSH2 if possible. SSH1 has some really serious security flaws.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.