8eindustrial
asked on
ACL configuration on Cisco ASA 5510: Getting "Inbound TCP connection denied"
I am trying to SSH to an internal Linux machine from another Linux machine outside my network.
The Linux machine is 10.3.5.10 but is being nat'd at the firewall on IP 206.226.224.177.
From the external Linux machine:
> ssh -l root 206.226.224.177
The message I get on the ASA is:
%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 to 206.226.224.177/22 flags SYN on interface outside
Here's my ASA 5510 config:
...
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
...
ASKER
Found it.....
I needed the command
access-group inbound in interface outside
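Added example, not part of the original thread: a Python check for the condition the asker found, an access-list that is defined but never applied to an interface with access-group. The function names are assumptions of this example; the sample config lines and the syslog message are copied from the question.

```python
import re

# Sample input built from the lines posted in the question.
CONFIG_BEFORE = """\
access-list inbound extended permit tcp any host 206.226.224.177 eq ssh
static (dmz,outside) 206.226.224.177 10.3.5.10 netmask 255.255.255.255
"""
CONFIG_AFTER = CONFIG_BEFORE + "access-group inbound in interface outside\n"
LOG = ("%ASA-2-106001: Inbound TCP connection denied from 210.253.126.208/3096 "
       "to 206.226.224.177/22 flags SYN on interface outside")

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+", re.M)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", re.M)
LOG_RE = re.compile(r"%ASA-2-106001: Inbound TCP connection denied from "
                    r"(\S+)/(\d+) to (\S+)/(\d+) flags (.+) on interface (\S+)")

def unbound_acls(config):
    """ACL names that are defined but have no access-group line.
    An ACL can also be referenced by other commands, so treat a hit
    as something to review, not as proof the ACL is unused."""
    defined = dict.fromkeys(ACL_RE.findall(config))  # ordered, de-duplicated
    bound = {name for name, _, _ in GROUP_RE.findall(config)}
    return [name for name in defined if name not in bound]

def inbound_acl_for(config, interface):
    """Name of the ACL applied inbound on `interface`, or None."""
    for name, direction, ifname in GROUP_RE.findall(config):
        if direction == "in" and ifname == interface:
            return name
    return None

def diagnose(config, log_line):
    """Relate a 106001 denial to the access-group state of its interface."""
    m = LOG_RE.search(log_line)
    if not m:
        return "not a 106001 message"
    dst, port, ifname = m.group(3), m.group(4), m.group(6)
    acl = inbound_acl_for(config, ifname)
    if acl is None:
        return (f"no access-group applied inbound on '{ifname}'; "
                f"defined but unbound ACLs: {unbound_acls(config)}")
    return f"ACL '{acl}' is applied inbound on '{ifname}'; review its entries for {dst}/{port}"

if __name__ == "__main__":
    print(diagnose(CONFIG_BEFORE, LOG))
    print(diagnose(CONFIG_AFTER, LOG))
```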
ASKER CERTIFIED SOLUTION
Oh, I didn't mean that to be an answer since you already found it :-) thnx anyways....
Cheers,
Rajesh
ASKER
interface Ethernet0/2
 speed 100
 duplex half
 nameif dmz
 security-level 100
 ip address 10.3.5.1 255.255.255.0