07-12-2009 08:32 AM - edited 03-04-2019 05:24 AM
Hi,
I recently updated my Cisco 1721 to use IOS 12.4 so I could ssh to the router. It all seems to be running just dandy and I'm happy with that. You can view the config here:
http://www.objectevolution.com/temp/config.txt
Now, I've got a couple questions for you all:
1. I'd like to create a pinhole so to speak so I can ssh directly to a server on the internal network. I've done some research, Googling, etc. and it seems like this is the way to go:
http://www.joe-ma.co.za/page.php?15
So in my case I want to do ssh:
nat inside source static tcp MY_INTERNAL_SERVER 22 interface dialer 1 22
Right?
2. I haven't touched my config in some time and am wondering if you have suggestions for me, things to update, etc. I've got that Hardening Cisco Routers book I'm going to go through this evening. Anything else?
Heckles, suggestions always welcome ;-)
Thanks!
Jon
07-12-2009 03:44 PM
For 1., you are correct.
I suggest you also look at DDNS; you can have your router register with the DDNS server when the IP on the dialer int changes. That will allow you to always be able to resolve your server if you don't have a static IP and DNS service.
07-12-2009 08:31 PM
07-13-2009 06:02 AM
Nipper is awesome! Thanks for the recommendation!
07-13-2009 06:11 AM
Thank Stretch. He's the one with the awesome web site.
07-14-2009 07:02 PM
One more question...seems I can't do something like this:
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 33333
How come?
07-14-2009 07:19 PM
Also (!!!) if I have a static IP (1 or more) I can do this too, right:
ip nat inside source static tcp 192.168.1.60 22 MY_STATIC_IP 22
??
07-14-2009 09:27 PM
So, I'm thinking I'd use a PAM entry like this:
access-list 10 permit INTERNAL_SERVER_ID
ip port-map ssh port 33333 list 10
to accomplish my mapping:
outside port 33333 | inside port 22
Yeah?
07-15-2009 10:02 PM
And that's exactly what I needed to do ;-)
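An added example, not code from any poster in this thread: a short Python script that lists the static NAT port forwards and port-map entries of the kind discussed above in a saved config, so every pinhole to an inside SSH server shows up in a hardening review. The sample config is constructed, and 203.0.113.10 is a placeholder for a static IP.

```python
import re

# Constructed sample built from the command forms quoted in this thread.
# 203.0.113.10 is a documentation address standing in for MY_STATIC_IP.
SAMPLE_CONFIG = """\
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 33333
ip nat inside source static tcp 192.168.1.60 22 203.0.113.10 22
access-list 10 permit 192.168.1.60
ip port-map ssh port 33333 list 10
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface (\S+)|(\d+(?:\.\d+){3})) (\d+)$")
PAM_RE = re.compile(r"^ip port-map (\S+) port (?:(?:tcp|udp) )?(\d+)(?: list (\S+))?$")


def find_pinholes(config):
    """Return one dict per static port forward in the config text."""
    found = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, ip, port, iface, global_ip, out_port = m.groups()
            found.append({"proto": proto, "inside": (ip, int(port)),
                          "outside": (iface or global_ip, int(out_port))})
    return found


def pam_ports(config):
    """Return {port: application} for every ip port-map line."""
    matches = (PAM_RE.match(l.strip()) for l in config.splitlines())
    return {int(m.group(2)): m.group(1) for m in matches if m}


def review(config):
    """List forwards that publish an inside SSH service (port 22)."""
    pam = pam_ports(config)
    report = []
    for p in find_pinholes(config):
        if p["inside"][1] == 22:
            where, out_port = p["outside"]
            report.append({"server": p["inside"][0], "via": where,
                           "outside_port": out_port,
                           "port_map": pam.get(out_port)})
    return report


if __name__ == "__main__":
    for row in review(SAMPLE_CONFIG):
        print(row)
```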