Why the ASA firewall not accessible by ssh or telnet?

This is using ASA 5505 firewall, with both ssh and telnet configured to allow access from Internet. There is a router supporting in front of the firewall. This router is 1941, with both ssh and telnet are accessible from Internet. Currently, firewall can allow users to surf internet. The problem is my global support team can't ssh/telnet to the firewall from Internet, why?

Please see the config files
asa5505-config.txt
router1941-config.txt
MezzutOzilAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ernie BeekExpertCommented:
You'll need a user:
username test password test123
And tell the ASA to use local authentication:
aaa authentication ssh console LOCAL
Then a domain name:
domain-name mydomain.com
And create an RSA key:
crypto key generate rsa modulus 1024

Let's see how things go then.
0
MezzutOzilAuthor Commented:
Hi erniebeek,

still the same. This time round, when trying the ssh, I can see the ssh version, but not user name prompt...
0
Ernie BeekExpertCommented:
Ok,
What if you try to set up an ssh from the router to the firewall?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

MezzutOzilAuthor Commented:
hi erniebeek,

only see the SSH > SSH-1.99-Cisco-1.25
0
MezzutOzilAuthor Commented:
Hi erniebeek,

Any access list has to set on the router interface(s)?
0
Ernie BeekExpertCommented:
No, it's just routing so it should pass everything through.
I'm curious about that response though. What command did you gave on the router to connect to the firewall? Could you show a screendump?
0
MezzutOzilAuthor Commented:
Please see the updated asa 5505 config file...
asa5505-config2.txt
0
MezzutOzilAuthor Commented:
Hi erniebeek,

I'm sorry, I don't really get you, can you tell in more details?
0
Ernie BeekExpertCommented:
When you log on to the router and from there try to set up an SSH session to the firewall, like:

ssh -l ciscoadmin x.x.x.x with x.x.x.x being the public ip of the ASA

What do you see?
0
MezzutOzilAuthor Commented:
Hi erniebeek,

I can connect to the firewall ASA without problem...
0
Ernie BeekExpertCommented:
Ok, so you can ssh from the router to the outside of the ASA. That means the ASA config is ok.

Looking at the router I can't see anything that might be blocking an ssh passthrough......
It might be a good idea to check with your provider (singnet/singtel, is it?) and check if they are blocking ssh traffic.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MezzutOzilAuthor Commented:
Excellence!
0
Ernie BeekExpertCommented:
Ah so the ISP did it :)
Glad it's solved. Thx for the points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.