Solved

Cisco ASA Connect to CentOS 6.6 Server Via SSH From Outside to DMZ

Posted on 2014-12-21
1
197 Views
Last Modified: 2014-12-22
Hello Experts:

I have one server in a DMZ60 network.  I need to make this server available to some contractors outside our network.   Therefore, I need to open ssh, http, and https from the DMZ60 to the OUTSIDE interface.  

I have been trying to get SSH working, but I still cannot get it.

This is what I have so far:


NAT:

ASA# sh nat | incl 167.192.X.X   (External address)
98 (DMZ60) to (outside) source static web-192.168.X.X-dmz -websites-167.192.X.X-OUT
ASA#
ASA#
ASA# sh nat | incl 192.168.X.X  (DMZ address)
98 (DMZ60) to (outside) source static web-192.168.X.X-dmz -websites-167.192.X.X-OUT


ASA# sh run | incl 167.192.X.X   (External address)
object network websites-167.192.X.X-OUT
 host 167.192.X.X
access-list in1 extended permit tcp any object websites-167.192.X.X-OUT eq ssh
access-list DMZ60-in extended permit tcp any object websites-167.192.X.X-OUT eq ssh
 nat (DMZ60,outside) static websites-167.192.X.X-OUT
ASA#


ASA# sh run | incl 192.168.X.X  (DMZ60 address)
object network web-192.168.X.X-dmz
 host 192.168.X.X
access-list in1 extended permit tcp any object web-192.168.X.X-dmz eq ssh
object network web-192.168.X.X-dmz
ASA#


DMZ60-in and in1 are two ACL groups that have objects inside them.  I believe that the one DMZ60-in is the one for servers inside the DMZ and the in1 is for servers in the inside interface.

I think I do not need in1, but it is just there since I have no idea how to make this work.

The attache word document shows that output of Packet Tracer that I do not know if I am using properly.  

cisco-asa-packet-tracer.docx
0
Comment
Question by:willie0-360
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
willie0-360 earned 0 total points
ID: 40513874
All of the above configuration(s) is correct.  The problem was that I was using the wrong gateway on the Linux server.  Once I corrected that, everything started working.

Thanks.
Willie
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Micorsoft SyncToy 2.1 - has suddenly stopped working 9 173
Finding printers IP addresses 6 84
Network Design for the New Building 25 121
Stream live video from Raspberry Pi camera 22 257
Managing 24/7 IT Operations is a hands-on job and indeed a difficult one. Over the years I have found some simple tips and techniques to increase the efficiency of the overall operations. The core concept has always been on continuous improvement; a…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question