Solved

Allow vender ssh access to a server on our LAN via DMZ

Posted on 2014-02-21
5
583 Views
Last Modified: 2014-03-07
Hello,

I'm trying to allow a vender to connect to a Server inside our LAN to update software. The server is a (vmware) VM running CentOS 6.4 and has two nic cards configured (each on a virtual switch). One NIC is connected to our LAN 111.2 and the other is connected to the DMZ 112.2. I am using an ASA5505 running ASDM 6.2 and the ASA is 8.2. I have a NAT rule and Access rule set up to allow an outside IP from our ISP to link to our Servers DMZ IP but I can't ping the outside IP from the outside. I checked the firewall on the Server and icmp is configured to allow pings. From the Server I am able to ping the gateway of the DMZ and the  other Servers on the DMZ (including it's own DMZ IP). We have another server set up the same way and I can be ping that server's external IP from the outside. What am I missing? Any suggestions would be greatly appreciated.
0
Comment
Question by:pbmtech
5 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39877508
Typically, the firewall listens on port 22 and so you can't port forward that port to an inside machine unless you are doing 1:1 NAT with that inside IP.

What I usually do in this instance is modify sshd_config to listen on another port (i.e., 24), port forward tcp 24 to the inside IP and update the outside access list appropriately.

If this server is running iptables, you will need to update that, as well.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39877552
can you share the firewall configuration for us to check the NATing and ACL in place?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39897846
Gate one is nice web-based ssh client that logs their hacks.
0
 

Author Comment

by:pbmtech
ID: 39913772
Thanks everyone for you comments on this.
0
 

Author Comment

by:pbmtech
ID: 39913785
I've requested that this question be deleted for the following reason:

did not get an answer that resolved my problem and no more activity
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
apache and php 3 109
Linux : can't create transaction lock error 1 62
VPN running on Windows 2008 Server 11 82
Set linux box as ip router 3 20
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now