Monday, February 25, 2019

Seeking Advice

My goal is to allow any host to SSH into a server behind a NAT. My server is in an AWS VPC. A Juniper vSRX is serving as the gateway. The vSRX has a management, public, and private interface. The management and public interfaces have public IP addresses. The management interface is in the global routing instance. The public and private interfaces are in a separate routing instance.

What's the easiest way to allow any host on the Internet to SSH into the server? This is a sandbox environment, not connected to any corporate networks. I tried port forwarding an arbitrary port on the public IP of the public interface to port 22 on the private IP of the server. That didn't work, either because I messed up somewhere or because it is not possible. I think my AWS security groups permit this, and my Juniper security zones allow any traffic to and from the untrust and trust zones.

My other, less important question is whether Juniper vSRX can create a dynamic VPN (any host, any IP) with a StrongSwan IPsec client. Juniper's website only mentions support for two commercial IPsec clients for dynamic VPN. A VPN would be nice, but the users of this system do not own the commercial IPsec clients mentioned in the documentation.
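For the port-forwarding part of the question, here is an added example (not from the post or from Juniper's documentation) of the Junos destination-NAT and policy configuration that implements "public-IP:arbitrary-port to private-IP:22" on an SRX, written to permit only SSH to that one host. The addresses 203.0.113.10 and 10.0.2.10, the port 2222, the zone names untrust/trust, and the routing-instance name VR-PUBLIC are assumed placeholders; lines starting with # are commentary, not CLI input.

```junos
# Destination NAT pool: the real server behind the vSRX, on port 22.
# The pool is placed in the routing instance that holds the private interface
# (assumed here to be VR-PUBLIC, the instance that also holds the public interface).
set security nat destination pool SSH-SERVER routing-instance VR-PUBLIC
set security nat destination pool SSH-SERVER address 10.0.2.10/32
set security nat destination pool SSH-SERVER address port 22

# Rule set: traffic arriving from the untrust zone for public-IP:2222 is
# rewritten to 10.0.2.10:22 before the policy lookup happens.
set security nat destination rule-set FROM-UNTRUST from zone untrust
set security nat destination rule-set FROM-UNTRUST rule SSH-FWD match destination-address 203.0.113.10/32
set security nat destination rule-set FROM-UNTRUST rule SSH-FWD match destination-port 2222
set security nat destination rule-set FROM-UNTRUST rule SSH-FWD then destination-nat pool SSH-SERVER

# Address-book entry for the *translated* (private) address. Destination NAT
# runs before the security policy is evaluated, so the policy must match the
# private address, not the public one; matching the public IP is a common
# reason a forward "allows everything" yet still fails.
set security address-book global address SSH-SERVER-ADDR 10.0.2.10/32

# Least-privilege policy: only SSH, only to that host, instead of "any/any".
set security policies from-zone untrust to-zone trust policy ALLOW-SSH match source-address any
set security policies from-zone untrust to-zone trust policy ALLOW-SSH match destination-address SSH-SERVER-ADDR
set security policies from-zone untrust to-zone trust policy ALLOW-SSH match application junos-ssh
set security policies from-zone untrust to-zone trust policy ALLOW-SSH then permit
set security policies from-zone untrust to-zone trust policy ALLOW-SSH then log session-init
```

On the AWS side this only works if the server's subnet route table sends its default route to the vSRX private ENI (so return traffic comes back through the same NAT), source/destination checking is disabled on the vSRX ENIs, and the server's security group admits TCP/22 from the vSRX private interface address. The `log session-init` action gives you a record of every inbound SSH session for review, which is worth keeping even in a sandbox that is open to any host.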
