Solved

Allow vender ssh access to a server on our LAN via DMZ

Posted on 2014-02-21
5
568 Views
Last Modified: 2014-03-07
Hello,

I'm trying to allow a vender to connect to a Server inside our LAN to update software. The server is a (vmware) VM running CentOS 6.4 and has two nic cards configured (each on a virtual switch). One NIC is connected to our LAN 111.2 and the other is connected to the DMZ 112.2. I am using an ASA5505 running ASDM 6.2 and the ASA is 8.2. I have a NAT rule and Access rule set up to allow an outside IP from our ISP to link to our Servers DMZ IP but I can't ping the outside IP from the outside. I checked the firewall on the Server and icmp is configured to allow pings. From the Server I am able to ping the gateway of the DMZ and the  other Servers on the DMZ (including it's own DMZ IP). We have another server set up the same way and I can be ping that server's external IP from the outside. What am I missing? Any suggestions would be greatly appreciated.
0
Comment
Question by:pbmtech
5 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
Comment Utility
Typically, the firewall listens on port 22 and so you can't port forward that port to an inside machine unless you are doing 1:1 NAT with that inside IP.

What I usually do in this instance is modify sshd_config to listen on another port (i.e., 24), port forward tcp 24 to the inside IP and update the outside access list appropriately.

If this server is running iptables, you will need to update that, as well.
0
 
LVL 9

Expert Comment

by:ffleisma
Comment Utility
can you share the firewall configuration for us to check the NATing and ACL in place?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Gate one is nice web-based ssh client that logs their hacks.
0
 

Author Comment

by:pbmtech
Comment Utility
Thanks everyone for you comments on this.
0
 

Author Comment

by:pbmtech
Comment Utility
I've requested that this question be deleted for the following reason:

did not get an answer that resolved my problem and no more activity
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now