Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ACL configuration on Cisco ASA 5510: Getting "Inbound TCP connection denied"

Posted on 2006-11-13
4
Medium Priority
?
11,214 Views
Last Modified: 2013-11-29
I am trying to SSH to an internal Linux machine from another Linux machine outside my network.

The Linux machine is 10.3.5.10 but is being nat'd at the firewall on IP 206.226.224.177.

From the external Linux machine:
> ssh -l root 206.226.224.177

The message I get on the ASA is:
%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 to 206.226.224.177/22 flags SYN  on interface outside

Here's my ASA 5510 config:
...
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
...

0
Comment
Question by:8eindustrial
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 

Author Comment

by:8eindustrial
ID: 17934672
not sure if this is relevant....

interface Ethernet0/2
 speed 100
 duplex half
 nameif dmz
 security-level 100
 ip address 10.3.5.1 255.255.255.0
0
 

Author Comment

by:8eindustrial
ID: 17934742
Found it.....

I needed the command

access-group inbound in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1500 total points
ID: 17935324
Yeap, you need to bind an access-list to an interface so that the device can identify the source and destination based on that.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17935345
Oh, I didn't mean that to be an answer since you already found it :-) thnx anyways....

Cheers,
Rajesh
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question