SRX Services Gateway

unable to ssh from outside

‎04-24-2018 04:44 AM

I am unable to SSH from outside, but internally I can log in to the SRX210 device.

 

ge-0/0/0 untrust

ge-0/0/1 trust

------------------------- Security Zones -------------------------

root@# show security zones
security-zone Internal {
    address-book {
        address addr_192_168_2_0_24 192.168.2.0/24;
    }
    host-inbound-traffic {
        system-services {
            all;
            http;
            https;
            ssh;
            ping;
        }
    }
    interfaces {
        ge-0/0/1.0 {
            host-inbound-traffic {
                system-services {
                    ping;
                    http;
                    ssh;
                }
            }
        }
    }
}
security-zone Internet {
    screen untrust-screen;
    host-inbound-traffic {
        system-services {
            ike;
        }
    }
    interfaces {
        ge-0/0/0.0 {
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                }
            }
        }
    }
}
security-zone corp-vpn {
    address-book {
        address net-cfgr_192-168-5-0--24 192.168.5.0/24;
    }
}

 

---------------------------------------------------------------------------------------------------------------------------------------------------

root@ochyd> show security zones

Security zone: Internal
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 1
  Interfaces:
    ge-0/0/1.0

Security zone: Internet
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Screen: untrust-screen
  Interfaces bound: 1
  Interfaces:
    ge-0/0/0.0

Security zone: junos-host
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 0
  Interfaces:

 


Re: unable to ssh from outside

‎04-24-2018 05:16 PM

So far the config looks good. Are you doing any destination NAT port forwarding that might be interfering with the IP access to the SRX interface address?

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: unable to ssh from outside

‎04-24-2018 09:13 PM

root@> show security nat source pool all
Total pools: 0

root@> show security nat destination pool all
Total destination-nat pools: 0

----------------------------------------------------------------------------------------

root@> show security nat destination summary
Total pools: 0

Total rules: 0

 

root@> show security nat source summary
Total port number usage for port translation pool: 0
Maximum port number for port translation pool: 67108864
Total pools: 0

Total rules: 1
Rule name            Rule set      From        To          Action
nsw-src-interface    nsw_srcnat    Internal    Internet    interface

 

 


Re: unable to ssh from outside

‎04-24-2018 09:48 PM

Hi,

 

Please add the below command:

 

set system services ssh

 

 


Re: unable to ssh from outside

‎04-24-2018 09:51 PM

Any firewall filters?

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Re: unable to ssh from outside

‎04-24-2018 10:10 PM

SSH is working with the intranet IP, but the issue is with the public IP.


Re: unable to ssh from outside

‎04-24-2018 10:11 PM

I posted the security zones here.


Re: unable to ssh from outside

‎04-24-2018 10:44 PM

root@> show interfaces ge-0/0/0 brief
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Enabled, Remote fault: Online
  Device flags : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags : None

  Logical interface ge-0/0/0.0
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Security: Zone: Internet
    Allowed host-inbound traffic : ping ssh ike
    inet  2.2.2.3/19
