08-10-2009 06:29 AM - edited 03-04-2019 05:41 AM
Hi,
I've a question regarding SSH on my router. Right now I have things set up to do pass-through to a server I have on the inside of my network. However, I'd also like to be able to SSH to the router itself, but it seems like after setting up pass-through I can't do that anymore. I'm sure there's a simple solution, like configuring a new interface, but I'm not sure I understand what that solution is.
Any advice? Config below.
Thanks!
Jon
Current configuration : 2457 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER_HOSTNAME
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret SOME_PASSWORD
enable password SOME_PASSWORD
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LANpool
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 68.94.156.1 68.94.157.1
   default-router 192.168.1.254
   lease infinite
!
!
ip cef
ip domain name DOMAIN.COM
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip port-map ssh port tcp 30000 list 10
ip ssh logging events
ip ssh version 2
!
vpdn enable
!
!
!
!
username USERNAME privilege 15 secret 5 SOME_PASSWORD
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 description Internet Connection
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 speed auto
!
interface FastEthernet1
 description Connection to Wireless LAN
 switchport access vlan 26
!
interface FastEthernet2
 description Connect to LAN
 switchport access vlan 26
!
interface FastEthernet3
 description Internal LAN Server
 switchport access vlan 26
!
interface FastEthernet4
 description Connection to DMZ
 switchport access vlan 26
 no cdp enable
!
interface Vlan1
 no ip address
!
interface Vlan26
 description routed interface for LAN segment
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 mtu 1492
 ip address IP_ADDRESS SUBNET
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname HOSTNAME
 ppp chap password 0 PASSWORD
 ppp pap sent-username USERNAME password 0 PASSWORD
!
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit IP_ADDRESS 0.0.0.255
access-list 10 permit 192.168.1.60
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
 transport input ssh
!
end
08-10-2009 08:08 AM
I believe you can change your ssh port on the router like:
ip ssh port
That might work.
HTH,
John
08-19-2009 08:09 PM
Mmmm... didn't do anything here. Not sure if this clarifies things or not, but I need to be able to do the following:
1. ssh directly to router.
2. ssh directly to server (via passthrough).
Wondering if I need to use PAT here?
TIA,
Jon
08-19-2009 08:10 PM
Or, do I configure a separate interface to ssh to the server and use the original interface to connect to the router?
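An added example, not part of the thread or of any poster's reply: a short Python check that reads the static NAT line from the configuration posted above and reports which outside TCP ports are translated to an inside host and which are left addressed to the router itself. The function names and the default management port of 22 are assumptions made for illustration.

```python
import re

# Constructed sample: the NAT and SSH lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip ssh version 2
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
line vty 0 4
 login
 transport input ssh
"""

# Matches: ip nat inside source static <proto> <host> <port> {interface X | a.b.c.d} <port>
STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)\s*$"
)

def static_forwards(config):
    """Return {(proto, outside_port): (inside_host, inside_port, outside)}."""
    table = {}
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            proto, host, in_port, ifname, addr, out_port = m.groups()
            table[(proto, int(out_port))] = (host, int(in_port), ifname or addr)
    return table

def where_does_it_land(config, proto, outside_port):
    """Classify a connection arriving on the outside address.
    Only NAT is modelled; ACLs and vty settings still decide acceptance."""
    hit = static_forwards(config).get((proto, outside_port))
    if hit:
        return "forwarded to %s:%d" % (hit[0], hit[1])
    return "no static translation; addressed to the router itself"

def management_port_shadowed(config, mgmt_port=22):
    """True if a static forward claims the router's own SSH port.
    mgmt_port=22 is an assumption (the default SSH port)."""
    return ("tcp", mgmt_port) in static_forwards(config)

if __name__ == "__main__":
    for port in (22, 30000):
        print(port, "->", where_does_it_land(SAMPLE_CONFIG, "tcp", port))
    print("port 22 shadowed:", management_port_shadowed(SAMPLE_CONFIG))
```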