01-21-2008 01:20 PM - edited 03-03-2019 08:21 PM
Currently our ISP has assigned me 12.x.x.250/30 to use as the serial interface IP address and one LAN block, 16.x.x.144/28. From outside the network, I am able to ssh to 12.x.x.250 on my router, but I couldn't ssh to 16.x.x.145. Here is my configuration:
ip dhcp excluded-address 172.16.1.1 172.16.1.20
!
ip dhcp pool Sav
 import all
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.1
 domain-name x.com
 dns-server 13.x.x.67 13.x.x.68
 lease 0 8
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/0
 description T1 To
 ip address 12.x.x.250 255.255.255.252
 ip nat outside
 encapsulation ppp
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!
interface Ethernet0/1
 description Connect To LAN
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 full-duplex
!
ip nat inside source list 7 interface Serial0/0 overload
ip nat inside source static 172.16.1.2 16.x.x.145
ip nat inside source static 172.16.1.3 16.x.x.146
ip nat inside source static 172.16.1.4 16.x.x.147
ip nat inside source static 172.16.1.5 16.x.x.148
ip nat inside source static 172.16.1.6 16.x.x.149
ip nat inside source static 172.16.1.7 16.x.x.150
ip classless
ip route 0.0.0.0 0.0.0.0 12.x.x.249
no ip http server
!
access-list 7 remark Access to Internet
access-list 7 permit 172.16.1.0 0.0.0.255
!
01-21-2008 01:48 PM
Ken
If I am understanding your question correctly you are attempting SSH to 16.x.x.145. I see in the config that 16.x.x.145 is translated to 172.16.1.2. So my first question is what device is 172.16.1.2, is it available on line (can you ping it from the router, and does it have access to network resources), and is it configured to accept SSH connections?
If we know these aspects of it, we may know better how to approach the solution to your issue.
HTH
Rick
01-21-2008 01:56 PM
Hi Rick,
It is a Cisco 3750 switch connected to the router, and it accepts SSH and telnet. I can ping it from the switch from router.
Thanks,
Ken
01-21-2008 02:21 PM
Ken
Thanks for the clarification. Is there anything on the 3750 restricting access (any access lists anywhere or any access-class on the vty)?
If you run debug for ssh and then attempt SSH from outside does the switch see the connection attempt? (is the problem on the way in or on the way out?)
HTH
Rick
01-22-2008 06:35 AM
Hi Rick,
It works now.
Thank you!
Ken
01-21-2008 02:18 PM
Ken,
I just duplicated your config here in a lab and it should work provided your ISP is advertising that block out to the internet.
Here is my NAT table:
Pro   Inside global    Inside local     Outside local    Outside global
icmp  16.1.1.145:1     172.16.1.2:1     12.1.1.249:1     12.1.1.249:1
icmp  16.1.1.145:2     172.16.1.2:2     12.1.1.249:2     12.1.1.249:2
icmp  16.1.1.145:3     172.16.1.2:3     12.1.1.249:3     12.1.1.249:3
___
ping 16.1.1.145
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.1.1.145, timeout is 2 seconds:
!!!!!
HTH,
__
Edison.
01-22-2008 06:34 AM
Hi Edison,
It works. There is an ACL issue.
Thanks,
Ken
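Rick's question about access lists or an access-class on the vty, and the "ACL issue" resolution, illustrated as an added example (not code from any poster in this thread): static NAT rewrites only the destination, so an ACL on the inside device still sees the outside client's real source address. The static NAT lines use the lab post's 16.1.1.x addressing; ACL 10, its use as a vty access-class on the switch, and the client address 203.0.113.10 are assumptions, since the thread never shows the switch config.

```python
import ipaddress
import re

# Constructed sample input. NAT lines mirror the thread with the lab's 16.1.1.x
# addresses; ACL 10 and the vty access-class are hypothetical (not in the thread).
ROUTER_CONFIG = """\
ip nat inside source static 172.16.1.2 16.1.1.145
ip nat inside source static 172.16.1.3 16.1.1.146
"""
SWITCH_CONFIG = """\
access-list 10 permit 172.16.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
"""

def static_nat_map(config):
    """Return {inside_global: inside_local} for one-to-one static NAT entries."""
    pat = re.compile(r"^ip nat inside source static (\S+) (\S+)\s*$", re.M)
    return {glob: local for local, glob in pat.findall(config)}

def parse_standard_acl(config, number):
    """Return [(action, address_int, wildcard_int)] for a numbered standard ACL."""
    pat = re.compile(rf"^access-list {number} (permit|deny) (\S+)(?: (\S+))?\s*$", re.M)
    entries = []
    for action, addr, wildcard in pat.findall(config):
        if addr == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        elif addr == "host":
            addr, wildcard = wildcard, "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))))
    return entries

def acl_permits(entries, source):
    """First match wins; wildcard bits are 'don't care'; implicit deny at the end."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wildcard in entries:
        if (src | wildcard) == (addr | wildcard):
            return action == "permit"
    return False

def ssh_reachable(dest_global, source):
    """True if dest_global is statically mapped and the vty ACL permits source."""
    if dest_global not in static_nat_map(ROUTER_CONFIG):
        return False
    acl = re.search(r"^\s*access-class (\d+) in", SWITCH_CONFIG, re.M)
    if acl is None:
        return True  # no access-class: the vty lines accept any source
    return acl_permits(parse_standard_acl(SWITCH_CONFIG, acl.group(1)), source)
```

With this sample, an inside client at 172.16.1.50 is accepted while the outside client 203.0.113.10 hits the implicit deny, which matches the symptom of SSH working to the router but not through the static translation.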