The Layer 7 Gateway leverages the Route via SSH2 assertion in order to allow a published service policy to connect to an external system via SFTP or SCP for the purposes of transferring files. This assertion is useful for providing a method of secured and encrypted file transfer between two systems. This allows a file to be moved between two servers (with the Gateway between) with the assurance that the file has not been tampered with or its confidentiality violated. For more information on this assertion, please consult the Layer 7 Policy Manager User Manual for the applicable version of the Gateway being used.

In some circumstances, this routing assertion may fail (with below error message) because the Gateway was unable to complete a connection between itself and the protected SSH server.

Unable to connect to SSH server. SSH routing error: Unable to connect to ssh server: Connection reset

When a service policy containing the Route via SSH2 assertion experiences a routing failure, the following message may be presented in the Gateway log file or any applicable audit records:

com.l7tech.external.assertions.ssh.server.ServerSshRouteAssertion: 9434: SSH routing error: Unable to connect to ssh server: Connection reset

This issue occurs when the Gateway is unable to complete a TCP connection to the specified host. A "connection reset" specifies that the protected SSH server that the Gateway is connecting to has forcefully closed the connection before it can complete. The error is typically caused by a problem with the protected SSH server and the following items should be investigated on the destination of the?Route via SSH2 assertion:

• Ensure the destination server is online.
• Ensure the SSH service on the destination server is running.
• Verify the network connection between the Gateway and the SSH server via network troubleshooting tools (such as ping and traceroute)