Cisco ASA Connect to CentOS 6.6 Server Via SSH From Outside to DMZ

Posted on 2014-12-21
Last Modified: 2014-12-22
Hello Experts:

I have one server in a DMZ60 network.  I need to make this server available to some contractors outside our network.   Therefore, I need to open ssh, http, and https from the DMZ60 to the OUTSIDE interface.  

I have been trying to get SSH working, but I still cannot get it.

This is what I have so far:


ASA# sh nat | incl 167.192.X.X   (External address)
98 (DMZ60) to (outside) source static web-192.168.X.X-dmz -websites-167.192.X.X-OUT
ASA# sh nat | incl 192.168.X.X  (DMZ address)
98 (DMZ60) to (outside) source static web-192.168.X.X-dmz -websites-167.192.X.X-OUT

ASA# sh run | incl 167.192.X.X   (External address)
object network websites-167.192.X.X-OUT
 host 167.192.X.X
access-list in1 extended permit tcp any object websites-167.192.X.X-OUT eq ssh
access-list DMZ60-in extended permit tcp any object websites-167.192.X.X-OUT eq ssh
 nat (DMZ60,outside) static websites-167.192.X.X-OUT

ASA# sh run | incl 192.168.X.X  (DMZ60 address)
object network web-192.168.X.X-dmz
 host 192.168.X.X
access-list in1 extended permit tcp any object web-192.168.X.X-dmz eq ssh
object network web-192.168.X.X-dmz

DMZ60-in and in1 are two ACL groups that have objects inside them.  I believe that the one DMZ60-in is the one for servers inside the DMZ and the in1 is for servers in the inside interface.

I think I do not need in1, but it is just there since I have no idea how to make this work.

The attache word document shows that output of Packet Tracer that I do not know if I am using properly.  

Question by:willie0-360
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment

Accepted Solution

willie0-360 earned 0 total points
ID: 40513874
All of the above configuration(s) is correct.  The problem was that I was using the wrong gateway on the Linux server.  Once I corrected that, everything started working.


Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question