• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 626
  • Last Modified:

Allow vender ssh access to a server on our LAN via DMZ


I'm trying to allow a vender to connect to a Server inside our LAN to update software. The server is a (vmware) VM running CentOS 6.4 and has two nic cards configured (each on a virtual switch). One NIC is connected to our LAN 111.2 and the other is connected to the DMZ 112.2. I am using an ASA5505 running ASDM 6.2 and the ASA is 8.2. I have a NAT rule and Access rule set up to allow an outside IP from our ISP to link to our Servers DMZ IP but I can't ping the outside IP from the outside. I checked the firewall on the Server and icmp is configured to allow pings. From the Server I am able to ping the gateway of the DMZ and the  other Servers on the DMZ (including it's own DMZ IP). We have another server set up the same way and I can be ping that server's external IP from the outside. What am I missing? Any suggestions would be greatly appreciated.
1 Solution
Jan SpringerCommented:
Typically, the firewall listens on port 22 and so you can't port forward that port to an inside machine unless you are doing 1:1 NAT with that inside IP.

What I usually do in this instance is modify sshd_config to listen on another port (i.e., 24), port forward tcp 24 to the inside IP and update the outside access list appropriately.

If this server is running iptables, you will need to update that, as well.
ffleismaSenior Network EngineerCommented:
can you share the firewall configuration for us to check the NATing and ACL in place?
Gate one is nice web-based ssh client that logs their hacks.
pbmtechAuthor Commented:
Thanks everyone for you comments on this.
pbmtechAuthor Commented:
I've requested that this question be deleted for the following reason:

did not get an answer that resolved my problem and no more activity
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now