SSH Pass-through AND SSH To Router

jwynacht
Level 1

Hi,

I've a question regarding SSH on my router. Right now I have things set up to do pass-through to a server I have on the inside of my network. However, I'd also like to be able to SSH to the router itself but it seems like after setting up pass-through I can't do that anymore. I'm sure there's a simple solution, like configuring a new interface but I'm not sure I understand what that solution is.

Any advice? Config below.

Thanks!

Jon

Current configuration : 2457 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER_HOSTNAME
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret SOME_PASSWORD
enable password SOME_PASSWORD
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LANpool
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 68.94.156.1 68.94.157.1
   default-router 192.168.1.254
   lease infinite
!
!
ip cef
ip domain name DOMAIN.COM
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip port-map ssh port tcp 30000 list 10
ip ssh logging events
ip ssh version 2
!
vpdn enable
!
!
!
!
username USERNAME privilege 15 secret 5 SOME_PASSWORD
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 description Internet Connection
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 speed auto
!
interface FastEthernet1
 description Connection to Wireless LAN
 switchport access vlan 26
!
interface FastEthernet2
 description Connect to LAN
 switchport access vlan 26
!
interface FastEthernet3
 description Internal LAN Server
 switchport access vlan 26
!
interface FastEthernet4
 description Connection to DMZ
 switchport access vlan 26
 no cdp enable
!
interface Vlan1
 no ip address
!
interface Vlan26
 description routed interface for LAN segment
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 mtu 1492
 ip address IP_ADDRESS SUBNET
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname HOSTNAME
 ppp chap password 0 PASSWORD
 ppp pap sent-username USERNAME password 0 PASSWORD
!
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit IP_ADDRESS 0.0.0.255
access-list 10 permit 192.168.1.60
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
 transport input ssh
!
end

3 Replies

John Blakley
VIP Alumni

I believe you can change your ssh port on the router like:

ip ssh port rotary 1

That might work.

HTH,

John


Mmmm....didn't do anything here. Not sure if this clarifies things or not but I need to be able to do the following:

1. ssh directly to router.

2. ssh directly to server (via passthrough).

Wondering if I need to use PAT here?

TIA,

Jon

Or, do I configure a separate interface to ssh to the server and use the original interface to connect to the router?
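
An added example, not part of the thread: a small Python check that reads an IOS configuration and reports whether a static port forward on the outside interface takes over a port the router's own SSH server listens on. The sample is constructed from lines in the configuration posted above; the function names are hypothetical, the `ip ssh port N rotary G` handling reflects IOS syntax rather than anything in the posted config, and the check covers NAT port collisions only, not ACLs or vty authentication.

```python
import re

# Constructed sample: the NAT, SSH and vty lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip ssh version 2
interface Dialer1
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
line vty 0 4
 login
 transport input ssh
"""

STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")
SSH_ROTARY = re.compile(r"^ip ssh port (\d+) rotary (\d+)")
VTY_ROTARY = re.compile(r"^rotary (\d+)")

def static_forwards(config):
    """Map (proto, outside interface, outside port) -> (inside host, inside port)."""
    forwards = {}
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            proto, host, in_port, iface, out_port = m.groups()
            forwards[(proto, iface, int(out_port))] = (host, int(in_port))
    return forwards

def router_ssh_ports(config):
    """Ports the router's SSH server answers on: 22, plus rotary ports bound to a line."""
    lines = [l.strip() for l in config.splitlines()]
    groups = {m.group(1) for l in lines if (m := VTY_ROTARY.match(l))}
    ports = {22}  # port 22 stays open when a rotary port is added
    for l in lines:
        m = SSH_ROTARY.match(l)
        if m and m.group(2) in groups:
            ports.add(int(m.group(1)))
    return ports

def shadowed_ssh_ports(config, outside_iface):
    """Router SSH ports that a static forward on outside_iface takes over."""
    fwd = static_forwards(config)
    return {p: fwd[("tcp", outside_iface, p)]
            for p in sorted(router_ssh_ports(config))
            if ("tcp", outside_iface, p) in fwd}
```

For the sample, `shadowed_ssh_ports(SAMPLE_CONFIG, "Dialer1")` is empty: the forward occupies outside port 30000 only, so it does not collide with the router's port 22.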
