?
Solved

Allow vender ssh access to a server on our LAN via DMZ

Posted on 2014-02-21
5
Medium Priority
?
599 Views
Last Modified: 2014-03-07
Hello,

I'm trying to allow a vender to connect to a Server inside our LAN to update software. The server is a (vmware) VM running CentOS 6.4 and has two nic cards configured (each on a virtual switch). One NIC is connected to our LAN 111.2 and the other is connected to the DMZ 112.2. I am using an ASA5505 running ASDM 6.2 and the ASA is 8.2. I have a NAT rule and Access rule set up to allow an outside IP from our ISP to link to our Servers DMZ IP but I can't ping the outside IP from the outside. I checked the firewall on the Server and icmp is configured to allow pings. From the Server I am able to ping the gateway of the DMZ and the  other Servers on the DMZ (including it's own DMZ IP). We have another server set up the same way and I can be ping that server's external IP from the outside. What am I missing? Any suggestions would be greatly appreciated.
0
Comment
Question by:pbmtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 29

Accepted Solution

by:
Jan Springer earned 1500 total points
ID: 39877508
Typically, the firewall listens on port 22 and so you can't port forward that port to an inside machine unless you are doing 1:1 NAT with that inside IP.

What I usually do in this instance is modify sshd_config to listen on another port (i.e., 24), port forward tcp 24 to the inside IP and update the outside access list appropriately.

If this server is running iptables, you will need to update that, as well.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39877552
can you share the firewall configuration for us to check the NATing and ACL in place?
0
 
LVL 62

Expert Comment

by:gheist
ID: 39897846
Gate one is nice web-based ssh client that logs their hacks.
0
 

Author Comment

by:pbmtech
ID: 39913772
Thanks everyone for you comments on this.
0
 

Author Comment

by:pbmtech
ID: 39913785
I've requested that this question be deleted for the following reason:

did not get an answer that resolved my problem and no more activity
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question