We have a sftp server on the dmz. Will the following access list allow outside users to access the sftp server on port 22 from the outside?
access-list outside-acl extended permit tcp any host qq.ww.ee.rr
If you have all 3 statements then all tcp ports are allowed from the internet to your server. What you should do is
1) remove the line 11
2) add in the line for the specific port of 22
both of the above covered in the previous post
3) leave the line in that allows https
It should still work with only tcp so it looks like you need to check your NAT setup. What is the IP address of the server and is this server being natted to a public IP. If it is natted then you need to use the public IP in your acl entry.
To answer your question
no access-list outside-acl line 11 permit tcp any host qq.ww.ee.rr
access-list outside-acl line 11 permit tcp any host qq.ww.ee.rr eq ssh