02-02-2009 05:56 PM - edited 03-11-2019 07:44 AM
Looking at the diagram, is it possible to ssh from the WinXP machine to both Eth0 (IP address 192.168.2.2) and Eth1 (IP address 192.168.3.2)? If it is possible, how do I go about doing it?
Thanks.
02-02-2009 06:13 PM
David, my opinion...
You can ssh to E0 provided you have allowed ssh to WinXP. One cannot ssh to E1 from WinXP unless you have an IPsec tunnel and a management-access statement in the ASA firewall.
{edit}
Actually... let me re-look at the diagram again.
I read too quickly; you should be able to SSH to both hosts 192.168.2.2 and 192.168.3.2 through an ACL permitting ssh through the outside interface.
02-02-2009 06:32 PM
WinXP can ssh to 192.168.2.2 without any issues. That's easy.
When WinXP sshes to host 192.168.3.2, this is where you run into an asymmetric route. In other words, traffic will enter E0, leave E2 and come back into E1.
How does the ASA handle it?
02-02-2009 06:44 PM
Is the CentOS 192.168.3.2 gateway 192.168.3.1? And what message is showing in the ASDM log for the traffic coming back?
02-02-2009 06:47 PM
CentOS gateway has two NICs: 192.168.2.2 (eth1) and 192.168.3.2 (eth2). CentOS' default gateway is 192.168.2.1
02-02-2009 06:54 PM
If I'm understanding this right, I see the asymmetric routing, but I believe the CentOS 192.168.3.2 does not know to get back out on E2 as it is supposed to, but is using CentOS's only default gateway, 192.168.2.1. If CentOS NIC2 192.168.3.2 had a default gateway of 3.1, it should get back out on E2... unless I'm missing something.
02-02-2009 07:01 PM
Here is the flow sequence:
WinXP makes an SSH connection to 192.168.3.2. Traffic will hit ASA E0 and go out of the E2 interface. It will then hit the Eth2 interface of CentOS.
On the return path, traffic will leave Eth1 of CentOS because the default gateway for CentOS is 192.168.2.1. Now you've got an asymmetric route.
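The return path described in the last two posts can be checked with a small route-lookup model. This is an added example, not part of the original thread: the /24 masks, the WinXP address and the per-source routing table are assumptions, and the NIC names follow the eth1/eth2 naming used above.

```python
import ipaddress

# Constructed model of the CentOS host in the thread. The /24 masks and the
# WinXP address are assumptions; the diagram is not part of the page.
WINXP = ipaddress.ip_address("10.1.1.10")       # assumed client address
MAIN_TABLE = [                                   # (prefix, egress NIC, next hop)
    ("192.168.2.0/24", "eth1", None),
    ("192.168.3.0/24", "eth2", None),
    ("0.0.0.0/0", "eth1", "192.168.2.1"),        # the single default gateway
]
# Hypothetical per-source table (what Linux policy routing would provide):
# replies sourced from 192.168.3.2 leave via 192.168.3.1 instead.
ETH2_TABLE = [("0.0.0.0/0", "eth2", "192.168.3.1")]
SOURCE_RULES = {ipaddress.ip_address("192.168.3.2"): ETH2_TABLE}
LOCAL_NIC = {ipaddress.ip_address("192.168.2.2"): "eth1",
             ipaddress.ip_address("192.168.3.2"): "eth2"}


def lookup(table, dst):
    """Longest-prefix match: return (nic, next_hop) for dst, or None."""
    best = None
    for prefix, nic, hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nic, hop)
    return best[1:] if best else None


def reply_path(local_ip, peer, source_rules=None):
    """Return (NIC the request arrived on, NIC the reply leaves on, next hop)."""
    local_ip = ipaddress.ip_address(local_ip)
    table = (source_rules or {}).get(local_ip, MAIN_TABLE)
    nic, hop = lookup(table, peer) or lookup(MAIN_TABLE, peer)
    return LOCAL_NIC[local_ip], nic, hop


def is_asymmetric(local_ip, peer, source_rules=None):
    """True when the reply leaves on a different NIC than the request used."""
    ingress, egress, _ = reply_path(local_ip, peer, source_rules)
    return ingress != egress


if __name__ == "__main__":
    for ip in ("192.168.2.2", "192.168.3.2"):
        state = "asymmetric" if is_asymmetric(ip, WINXP) else "symmetric"
        print(ip, "default gateway only:", reply_path(ip, WINXP), state)
    print("192.168.3.2 with source rule:",
          reply_path("192.168.3.2", WINXP, SOURCE_RULES))
```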
02-02-2009 07:17 PM
This is a good one, and to be honest I would have to lab this out. Can anyone provide some thoughts? E1 should not be taking that traffic E2 back out E0. I wonder if ip verify reverse-path would prevent this.
02-09-2009 05:14 PM
Anyone know if this is possible with the ASA appliance? Thanks