Re: Publishing a SSH Server

Hello Steve

I did what you suggested but didn't work either. I don't think the problem
has anything to do with the SSH server itself becauseit works fine internally
and, besides, the connection gets drop at the ISA before the external client
can even reach the SSH server which has a private address and is located in
my DMZ zone.

Anyway thanks for your answer, is there anything else you would try?

Regards,

Wilmar

"Steve Arnold" wrote:

Hi
Your unix box cannot reply to SSH request, try below?
Create a client address set for your unix box (ip address from to are the
same), then create a new site and content rule to allow your unix box
outbound access to all external, like this
Rule = enable
Destinations = all external
schedule = always
action = allowed
applies to = client address set specified below (the unix box ip address)
http content = all content groups

This worked for me on ISA 2000 and 2004, I hope this helps you

Regards

Steve




"Jim Harrison (MSFT)" wrote:

What do your ISA logs show for that traffic?
Have you gathered a network capture to see what is happening "on the wire"?
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F238B6BA-7E2E-4190-807A-7F1275CC409A@xxxxxxxxxxxxxxxx
Hello Jim

In that case the server is a SecureNET client but still it doesn't work....
I'm really clueless with this thing. What would you do?

Regards

"Jim Harrison (MSFT)" wrote:

The IP settings on that box will use the ISA as the "last hop" to the Internet.
If ISA and the Linux box are in the same subnet, it will use the ISA internal IP as its default gateway.
If not, it will use the default gateway of the nearest router and your routing chain will use the ISA as the "last hop".
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:5F275AFB-49DA-4566-92A5-4ABAE438D95B@xxxxxxxxxxxxxxxx
I'm testing from the external network. From the internal network and from
the ISA Local I can access the SSH server without problem. Just a question:
the SSH server run on a Linux box, do you know how I make sure it's running
as a SecureNET client?

Thanks

"Jim Harrison (MSFT)" wrote:

That's a potentially important point.
Server publishing requires that the published server be configured as a SecureNET client (uses ISA as the "last hop" to the
Internet)
Web publishing does not.

Where are you testing from; internal, ISA-local or external?
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:3181A0DA-5D11-4D28-8502-510F81D0D89D@xxxxxxxxxxxxxxxx
Hello Jim

I also would like to let you know that in the same SSH server I'm trying to
publish, there's also a Web server that works without any problem and which I
was able to publish without any complication.

Thanks

"Jim Harrison (MSFT)" wrote:

Exactly how is your custom protocol defined?
What is the defined relationship between the two networks; NAT or route?

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Wilmar" <Wilmar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:AB9855CA-9D3C-44E7-9277-CCDEF8C0F20E@xxxxxxxxxxxxxxxx
Hello everybody.

I'm trying to publish an internal SSH server without much success so far.
What I did was to use the Server Publishing Rule and createa SSH server
protocol listening on inbound connection to port 22 through the external
interface and redirecting the request to the internal IP address of the SSH
server. Everytime I try to connect from an external clients the connection
just gets drop by the Default Rule.

I hope anyone can give me a hint on this.

Thanks a lot.

Wilmar












.

Relevant Pages

  • Re: Publishing a SSH Server
    ... Is the default gateway on the unix box the ISA server, ... challenge you if you go on the internet? ... has anything to do with the SSH server itself becauseit works fine internally ...
    (microsoft.public.isa.publishing)
  • Re: help connecting to my linux machine with verizon dsl via ssh
    ... Your westell modem is acting as a NAT router, taking packets from the ... Internet addressed to the apparent SSH server on 70.19.144.200:22 ... Tcpdump, or traceroute would provide the clues here. ...
    (comp.os.linux.networking)
  • Re: Publishing a SSH Server
    ... The IP settings on that box will use the ISA as the "last hop" to the Internet. ... If ISA and the Linux box are in the same subnet, it will use the ISA internal IP as its default gateway. ... Jim Harrison ... the ISA Local I can access the SSH server without problem. ...
    (microsoft.public.isa.publishing)
  • Re: Publishing a SSH Server
    ... ISA logs just shows that the intended connection to the SSH Server gests ... Jim Harrison [ISA SE] ... Internet) ...
    (microsoft.public.isa.publishing)
  • Re: Publishing a SSH Server
    ... also did you restart the server after these rules were setup? ... has anything to do with the SSH server itself becauseit works fine internally ... This worked for me on ISA 2000 and 2004, ... Jim Harrison ...
    (microsoft.public.isa.publishing)