Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ACL configuration on Cisco ASA 5510: Getting "Inbound TCP connection denied"

Posted on 2006-11-13
4
Medium Priority
?
11,288 Views
Last Modified: 2013-11-29
I am trying to SSH to an internal Linux machine from another Linux machine outside my network.

The Linux machine is 10.3.5.10 but is being nat'd at the firewall on IP 206.226.224.177.

From the external Linux machine:
> ssh -l root 206.226.224.177

The message I get on the ASA is:
%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 to 206.226.224.177/22 flags SYN  on interface outside

Here's my ASA 5510 config:
...
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
...

0
Comment
Question by:8eindustrial
  • 2
  • 2
4 Comments
 

Author Comment

by:8eindustrial
ID: 17934672
not sure if this is relevant....

interface Ethernet0/2
 speed 100
 duplex half
 nameif dmz
 security-level 100
 ip address 10.3.5.1 255.255.255.0
0
 

Author Comment

by:8eindustrial
ID: 17934742
Found it.....

I needed the command

access-group inbound in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1500 total points
ID: 17935324
Yeap, you need to bind an access-list to an interface so that the device can identify the source and destination based on that.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17935345
Oh, I didn't mean that to be an answer since you already found it :-) thnx anyways....

Cheers,
Rajesh
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question