Allow vendor ssh access to a server on our LAN via DMZ

Posted on 2014-02-21
Last Modified: 2014-03-07
Hello,

I'm trying to allow a vendor to connect to a Server inside our LAN to update software. The server is a (vmware) VM running CentOS 6.4 and has two NIC cards configured (each on a virtual switch). One NIC is connected to our LAN 111.2 and the other is connected to the DMZ 112.2. I am using an ASA5505 running ASDM 6.2 and the ASA is 8.2. I have a NAT rule and Access rule set up to allow an outside IP from our ISP to link to our Server's DMZ IP, but I can't ping the outside IP from the outside. I checked the firewall on the Server and icmp is configured to allow pings. From the Server I am able to ping the gateway of the DMZ and the other Servers on the DMZ (including its own DMZ IP). We have another server set up the same way and I can ping that server's external IP from the outside. What am I missing? Any suggestions would be greatly appreciated.
Question by:pbmtech

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39877508
Typically, the firewall listens on port 22 and so you can't port forward that port to an inside machine unless you are doing 1:1 NAT with that inside IP.

What I usually do in this instance is modify sshd_config to listen on another port (i.e., 24), port forward tcp 24 to the inside IP and update the outside access list appropriately.

If this server is running iptables, you will need to update that, as well.
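As an added example (not from the thread and not Jan Springer's own procedure), this stages the server-side half of the approach on the CentOS 6 host against a copy of sshd_config: move sshd to the alternate port, make the vendor account key-only with no port forwarding, and print the iptables and SELinux commands that admit only the vendor's address on the DMZ NIC. The vendor IP 203.0.113.10, DMZ interface eth1, port 24 and account name `vendor` are constructed assumptions, not values from the page.

```shell
#!/bin/sh
# Added example (not from the thread): stage the server-side changes the
# accepted answer describes, i.e. move sshd to an alternate port and open
# that port in iptables for a vendor SSH path through the DMZ NIC. Every
# function works on a copy of sshd_config so the result can be inspected
# before anything under /etc is touched.
#
# Constructed assumptions (not from the page): vendor public IP 203.0.113.10,
# DMZ-facing NIC eth1, alternate port 24, dedicated login account "vendor".
VENDOR_IP="203.0.113.10"
DMZ_IF="eth1"
SSH_PORT="24"
VENDOR_USER="vendor"

# set_sshd_port FILE PORT: make FILE carry exactly one active "Port PORT" line,
# placed first so it can never land inside a later Match block. Commented
# defaults ("#Port 22") and earlier Port lines are dropped so sshd does not
# keep listening on 22 as well.
set_sshd_port() {
  file="$1"; port="$2"
  {
    printf 'Port %s\n' "$port"
    grep -Ev '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$file" || true
  } > "$file.tmp"
  mv "$file.tmp" "$file"
}

# add_vendor_match FILE USER: append a Match block so the vendor account is
# key-only and cannot pivot through the host with port forwarding. The
# source-address restriction is done in iptables below, not here.
# Idempotent: skipped if the block is already present.
add_vendor_match() {
  file="$1"; user="$2"
  grep -q "^Match User $user" "$file" && return 0
  cat >> "$file" <<EOF
Match User $user
    PasswordAuthentication no
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# iptables_rules IF IP PORT: print the CentOS 6 iptables commands that admit
# only the vendor's address on the DMZ NIC for the new port and drop the rest.
# Printed rather than run so they can be reviewed first; on the real host run
# them and then "service iptables save".
iptables_rules() {
  printf 'iptables -I INPUT -i %s -p tcp -s %s --dport %s -m state --state NEW -j ACCEPT\n' "$1" "$2" "$3"
  printf 'iptables -A INPUT -i %s -p tcp --dport %s -j DROP\n' "$1" "$3"
}

# selinux_rule PORT: with SELinux enforcing, sshd may only bind ports labelled
# ssh_port_t, so the new port has to be labelled or sshd fails to start.
selinux_rule() {
  printf 'semanage port -a -t ssh_port_t -p tcp %s\n' "$1"
}

# active_port FILE: report the port sshd would bind (first uncommented Port line).
active_port() {
  awk '$1 == "Port" { print $2; exit }' "$1"
}

# Demo on a constructed stand-in for sshd_config (sample content, not the real file).
demo() {
  tmp=$(mktemp)
  printf '#Port 22\nProtocol 2\nPermitRootLogin no\n' > "$tmp"
  set_sshd_port "$tmp" "$SSH_PORT"
  add_vendor_match "$tmp" "$VENDOR_USER"
  echo "--- resulting sshd_config (sshd would listen on $(active_port "$tmp")) ---"
  cat "$tmp"
  echo "--- commands to run on the host ---"
  selinux_rule "$SSH_PORT"
  iptables_rules "$DMZ_IF" "$VENDOR_IP" "$SSH_PORT"
  echo 'service sshd restart && service iptables save'
  rm -f "$tmp"
}
demo
```

On the ASA 8.2 side this pairs with a port-specific static (dmz,outside) translation of the outside address on tcp/24 to the server's DMZ address, plus an outside access-list line permitting only the vendor's source to that port. Because such a static translates only that TCP port, a ping to the outside address is not a test of this path; test it with a TCP connection to port 24 from the vendor's address instead.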

Expert Comment

by:ffleisma
ID: 39877552
can you share the firewall configuration for us to check the NATing and ACL in place?

Expert Comment

by:gheist
ID: 39897846
Gate One is a nice web-based ssh client that logs their hacks.

Author Comment

by:pbmtech
ID: 39913772
Thanks everyone for your comments on this.

Author Comment

by:pbmtech
ID: 39913785
I've requested that this question be deleted for the following reason:

did not get an answer that resolved my problem and no more activity