
1721 Config Update, Pinholes and Help

jwynacht
Level 1

Hi,

I recently updated my Cisco 1721 to use IOS 12.4 so I could ssh to the router. It all seems to be running just dandy and I'm happy with that. You can view the config here:

http://www.objectevolution.com/temp/config.txt

Now, I've got a couple questions for you all:

1. I'd like to create a pinhole so to speak so I can ssh directly to a server on the internal network. I've done some research, Googling, etc. and it seems like this is the way to go:

http://www.joe-ma.co.za/page.php?15

So in my case I want to do ssh:

ip nat inside source static tcp MY_INTERNAL_SERVER 22 interface dialer 1 22

Right?

2. I haven't touched my config in some time and am wondering if you have suggestions for me, things to update, etc. I've got that Hardening Cisco Routers book I'm going to go through this evening. Anything else?

Heckles, suggestions always welcome ;-)

Thanks!

Jon

2 Accepted Solutions


Lucien Avramov
Level 10

For 1., you are correct.

I suggest you also look at DDNS; you can have your router register with the DDNS server when the IP on the dialer int changes. That will allow you to always be able to resolve your server if you don't have a static IP and DNS service.


Nipper is awesome! Thanks for the recommendation!

Thank Stretch. He's the one with the awesome web site.

One more question...seems I can't do something like this:

ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 33333

How come?

Also (!!!) if I have a static ip (1 or more) I can do this too, right:

ip nat inside source static tcp 192.168.1.60 22 MY_STATIC_IP 22

??

So, I'm thinking I'd use a PAM entry like this:

access-list 10 permit INTERNAL_SERVER_ID

ip port-map ssh port 33333 list 10

to accomplish my mapping:

outside port 33333 | inside port 22

Yeah?

And that's exactly what I needed to do ;-)
