Cisco Support Community
Community Member

SSH services

Not sure if this is the correct fourm, but i will try it.

I am trying to direct ssh traffic to a specific server on my network through my 2811 router. When a remote client attempts to initiate a session with the server the get the login for the router instead of the server. I found the correct commands to create a static route for a NATed telnet session but want to tie the security down with ssh. Can i replace the telnet (23) with the ssh port(22) in the command to get this to work?


Re: SSH services

Hi James,

yes you can do that. Have a look on you access lists. Maybe there is a restriction to telnet port. So you have to change this, too.

Best regards,


Community Member

Re: SSH services

Thank you frank!

Yes i have modified the ACLs for the telnet session, and last night was able to get a NATed ssh session through to the server with the new command.

My new issue is this:

I have three VPNs coming in to the main location where the server resides. After i made the change (leaving the NATed telnet and the new NATed ssh session) none of the clients on the VPNs could reach the server! As soon as i deleted the ssh, access to the server came back up. I know this has to be related in some way to the translated address but didnt think that there is any address translation going on in the VPN connection for the two LANs.

Hope i made this clear. If possible i will post my config with ACLs later today.

PS Now that i think about it could this be a NAT-T issue. Two of the other ends of the VPNs are created by a Linksys RV42 that has NAT-T.

Thanks again


Re: SSH services

Are you trying to SSH across the VPN tunnel, across the internet, or both? Are you NATing VPN traffic?

Community Member

Re: SSH services

Yes i do need SSH service from the internet to my server and across the VPNs to my server. I do not believe i am NATing the VPN connections to the server. The NATing for the endpoints of the VPN tunnels are strictly for internet access out of the remote locations. Although it would help if i could tell if those clients coming across the VPN tunnel are being NATed. Not sure how to tell. Any instruction?



Re: SSH services

I've run into that problem, you need to do a policy route. Here's a link that hsould help.

HTH and don't forget to rate!

CreatePlease to create content