• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11342
  • Last Modified:

ACL configuration on Cisco ASA 5510: Getting "Inbound TCP connection denied"

I am trying to SSH to an internal Linux machine from another Linux machine outside my network.

The Linux machine is 10.3.5.10 but is being nat'd at the firewall on IP 206.226.224.177.

From the external Linux machine:
> ssh -l root 206.226.224.177

The message I get on the ASA is:
%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 to 206.226.224.177/22 flags SYN  on interface outside

Here's my ASA 5510 config:
...
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
...

0
8eindustrial
Asked:
8eindustrial
  • 2
  • 2
1 Solution
 
8eindustrialAuthor Commented:
not sure if this is relevant....

interface Ethernet0/2
 speed 100
 duplex half
 nameif dmz
 security-level 100
 ip address 10.3.5.1 255.255.255.0
0
 
8eindustrialAuthor Commented:
Found it.....

I needed the command

access-group inbound in interface outside
0
 
rsivanandanCommented:
Yeap, you need to bind an access-list to an interface so that the device can identify the source and destination based on that.

Cheers,
Rajesh
0
 
rsivanandanCommented:
Oh, I didn't mean that to be an answer since you already found it :-) thnx anyways....

Cheers,
Rajesh
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now