Remote SSH Connection on Cisco 857?

Answered Question
Jan 30th, 2009

Hi guys

I'v been playing with my Cisco 857 for a while now, and I have one problem. I can't setup remote connection (from home) through SSH to my router at work. I have tried all sources - Cisco website, Google, and can't find what I am looking for.

I would much apprecciated if you could help me. If you need a config file or something let me know. Just need some comands or how it should be setup to make it work.


I have this problem too.
0 votes
Correct Answer by Paolo Bevilacqua about 7 years 8 months ago

Hi, configure:

no access-list 1

access-list 1 permit

Also please assign to VLAN1.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Correct Answer
Paolo Bevilacqua Tue, 02/03/2009 - 03:09

Hi, configure:

no access-list 1

access-list 1 permit

Also please assign to VLAN1.

krysianrabiej Tue, 02/03/2009 - 03:20

ok I will do that, but how that can resolve my problem? That won't give me an access from public IP or will it?

chuckwirth Mon, 02/02/2009 - 10:54

Is this the configuration for the router you are trying to reach?

It looks as though your access list 23 is blocking the ssh traffic. Is the IP space of where you are trying to connect from?

Can you telnet to make sure you are not having problems with SSH?

To troubleshoot:

Use the

#show access-list

command to see statistics on what packets have matched.

Or, add the log command to the end of your access-list and then look at your log.

Create a new

#access-list 11 permit any log

and apply that to the vty interface instead of list 23. Try to ssh and then look at the log to see where the packet came from, it could be NATed. Create a new access-list based on the log information.

krysianrabiej Tue, 02/03/2009 - 01:27

Thanks for your answer.

No is not where I am trying access my router.

I am trying to access my router from public IP.

My Cisco 857 Router have public IP 77.44.xx.xx and I am trying to access it from 213.177.xx.xx.

On my local network I can access SSH and Telnest without problem.

Thanks a lot for your help

Paolo Bevilacqua Tue, 02/03/2009 - 03:42

Please configure as mentioned above. The ACL for NAT MUST define internal networks and cannot be "any".

In networking, try to be more receptive to seniors advice. You will find that in most cases, they know their stuff.

krysianrabiej Tue, 02/03/2009 - 04:04

Ok, I have done that, and thanks for your answer. I know I still need to learn a lot :) Just working on my CCNA.

Anyway is there still something I should change or add so I can connect from public IP to my router?

Could you have a look at my changes not sure if that is what you asked. Many thanks.


ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip dns server

ip nat inside source list 1 interface Dialer1 overload


access-list 1 permit

access-list 23 permit



interface Vlan1


ip address

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452


Paolo Bevilacqua Tue, 02/03/2009 - 04:56

It's easy to answer fast when a problem is well defined like your was.

Thanks for the nice rating and good luck!


This Discussion