Solved

ACL configuration on Cisco ASA 5510: Getting "Inbound TCP connection denied"

Posted on 2006-11-13
4
10,990 Views
Last Modified: 2013-11-29
I am trying to SSH to an internal Linux machine from another Linux machine outside my network.

The Linux machine is 10.3.5.10 but is being nat'd at the firewall on IP 206.226.224.177.

From the external Linux machine:
> ssh -l root 206.226.224.177

The message I get on the ASA is:
%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 to 206.226.224.177/22 flags SYN  on interface outside

Here's my ASA 5510 config:
...
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
...

0
Comment
Question by:8eindustrial
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 

Author Comment

by:8eindustrial
ID: 17934672
not sure if this is relevant....

interface Ethernet0/2
 speed 100
 duplex half
 nameif dmz
 security-level 100
 ip address 10.3.5.1 255.255.255.0
0
 

Author Comment

by:8eindustrial
ID: 17934742
Found it.....

I needed the command

access-group inbound in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17935324
Yeap, you need to bind an access-list to an interface so that the device can identify the source and destination based on that.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17935345
Oh, I didn't mean that to be an answer since you already found it :-) thnx anyways....

Cheers,
Rajesh
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question