I have a 2951 router with switch and sec pac. I have multiple servers connected to the router. To access the servers via SSH and SFTP I VPN into the router and then I can shell in using private IPs. Up until a couple of days ago this has worked. I am not clear on how, but a possible cause... I have been in the process of moving our DNS name servers from our local network to a distributed external network. After verifying a successful transition I came to one of the final stages: shutting down the named service on our local servers. It was a day after this action that I couldn't gain SSH or SFTP access to my servers via the VPN connection. I have VPN access. I am able to access web services on the servers but no SSH access when connected to the router.
I did some exploring on possible issues/solutions and noticed that a router global config had old ip name-server data. So I added the IP address of our new name server and added the use of tcp and udp eq domain to our access list. This did not fix the problem. This is a bit confusing on why this change would cause this type of issue, since I use private IPs (not domains) when accessing the servers, but this is the only change I can think of that was made and coincides with this issue.
Here is my config... (I marked with bold text the additions I made to the access list and ip name-server.)
The IP ending in .226 is the router IP. The old named servers' IPs end in .227 and .228.
Thanks for any assistance / knowledge.
I am removing configuration due to it not being needed to resolve this issue.
One possible relation to the DNS change is that it is not possible for the external DNS to (correctly) resolve the pool addresses. If your SSH requires reverse DNS resolution as a security measure, connections will be refused.
A static entry in the hosts file may do the trick already.
You can also check the event log on the server(s) to see if there are messages related to the failing sessions.
These may point you to a possible cause and from there to a solution.
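As an added example (not code from the thread), a small Python script to test the answer's hypothesis on the server side: it lists VPN pool addresses that have no static hosts-file entry, proposes entries for them, and scans sshd log lines for reverse-mapping failures. The pool range, hostnames, domain and the log lines are constructed assumptions; the exact wording of the sshd message varies by OpenSSH version.

```python
"""Check VPN pool addresses for missing static name entries (reverse DNS)
and scan sshd log lines for reverse-mapping failures."""
import ipaddress
import re

# Constructed sample /etc/hosts content; the pool and names are assumptions.
HOSTS_TEXT = """\
127.0.0.1   localhost
10.10.10.1  vpn-client-1.example.internal vpn-client-1   # mapped pool address
10.10.10.2  vpn-client-2.example.internal
"""

# Constructed sshd log lines (format modelled on OpenSSH with UseDNS enabled).
LOG_LINES = [
    "sshd[1234]: reverse mapping checking getaddrinfo for unknown [10.10.10.3] failed",
    "sshd[1235]: Accepted publickey for admin from 10.10.10.1 port 50022 ssh2",
    "sshd[1236]: Connection closed by 10.10.10.4 port 50100 [preauth]",
]

REVERSE_MAP_RE = re.compile(
    r"reverse mapping checking getaddrinfo for \S+ \[(\d+(?:\.\d+){3})\] failed")


def parse_hosts(text):
    """Return {ip: [names]} from hosts-file text, ignoring comments/blank lines."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            mapping[ip] = names
    return mapping


def unmapped_pool_addresses(pool_cidr, hosts_text):
    """Pool host addresses that have no static entry (no local reverse mapping)."""
    mapping = parse_hosts(hosts_text)
    pool = ipaddress.ip_network(pool_cidr)
    return [str(ip) for ip in pool.hosts() if str(ip) not in mapping]


def proposed_hosts_entries(pool_cidr, hosts_text, domain):
    """Suggested hosts lines so every pool address resolves without external DNS."""
    return [f"{ip}  vpn-pool-{ip.rsplit('.', 1)[1]}.{domain}"
            for ip in unmapped_pool_addresses(pool_cidr, hosts_text)]


def reverse_dns_failures(lines):
    """Client IPs whose reverse mapping sshd reported as failed."""
    return [m.group(1) for m in map(REVERSE_MAP_RE.search, lines) if m]
```

Run the checks against the real hosts file and auth log on the server; an IP that appears in both lists is a strong sign the refusal comes from reverse resolution rather than from the router.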