1. Home
  2. Cisco Systems
  3. help w/ ssh

help w/ ssh

I'm trying to do some basics right now by just getting ssh going between the different interfaces and I can't seem to get any of them talking, meaning, one host on one network to another. And once I get them talking on the inside, I wanted to be able to access the networks from the outside w/ ssh only, web and other services will go to the DMZ. Can anyone see anything wrong w/ my config?

---------

5510(config)# write t?: Saved?:?ASA Version 7.0(7)?!?hostname 5510?enable password 8Ry2YjIyt7RRXU24 encrypted?names?name 192.168.4.0 dmz_NET?name 192.168.3.0 development_NET?name 192.168.2.0 cluster_NET?dns-guard?!?interface Ethernet0/0? nameif outside? security-level 0? ip address 123.456.789.123 255.255.255.0?!?interface Ethernet0/1? nameif dmz? security-level 20? ip address 192.168.4.1 255.255.255.0?!?interface Ethernet0/2? nameif cluster? security-level 60? ip address 192.168.2.1 255.255.255.0?!?interface Ethernet0/3? nameif development? security-level 60? ip address 192.168.3.1 255.255.255.0?!?interface Management0/0? nameif management? security-level 100? ip address 192.168.1.1 255.255.255.0? management-only?!?passwd 2KFQnbNIdI.2KYOU encrypted?ftp mode passive?same-security-traffic permit inter-interface?object-group network ALL_NETS? network-object development_NET 255.255.255.0? network-object dmz_NET 255.255.255.0? network-object cluster_NET 255.255.255.0?access-list inside_access_outside extended permit tcp any eq ssh any eq ssh?access-list outside_access_inside extended permit tcp any eq ssh any eq ssh?pager lines 24?logging asdm informational?mtu management 1500?mtu dmz 1500?mtu cluster 1500?mtu outside 1500?mtu development 1500?no failover?asdm image disk0:/asdm-507.bin?no asdm history enable?arp timeout 14400?nat-control?global (outside) 1 interface?nat (dmz) 1 dmz_NET 255.255.255.0?nat (cluster) 1 cluster_NET 255.255.255.0?nat (development) 1 development_NET 255.255.255.0?access-group inside_access_outside in interface dmz?access-group inside_access_outside in interface cluster?access-group outside_access_inside out interface outside?access-group inside_access_outside in interface development?route outside 0.0.0.0 0.0.0.0 123.456.789.1 1?timeout xlate 3:00:00?timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02?timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00?timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00?timeout uauth 0:05:00 absolute?http server enable?http 192.168.1.0 255.255.255.0 management?no snmp-server location?no snmp-server contact?snmp-server enable traps snmp authentication linkup linkdown coldstart?telnet timeout 5?ssh timeout 5?console timeout 0?dhcpd address 192.168.1.2-192.168.1.254 management?dhcpd lease 3600?dhcpd ping_timeout 50?dhcpd enable management?!?class-map inspection_default? match default-inspection-traffic?!?!?policy-map global_policy? class inspection_default?  inspect dns maximum-length 512?  inspect ftp?  inspect h323 h225?  inspect h323 ras?  inspect rsh?  inspect rtsp?  inspect esmtp?  inspect sqlnet?  inspect skinny?  inspect sunrpc?  inspect xdmcp?  inspect sip?  inspect netbios?  inspect tftp?!?service-policy global_policy global?Cryptochecksum:72e6fe1ca79afb9b335378fe051c5c37?: end?[OK]
Reply to
Jake
Loading thread data ...

Jake schrieb:

To start with, I cannot see anything at all with your config. Care to repost in a readable format?

Reply to
Tilman Schmidt

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.