
SSH not working with dynamic NAT

A UNIX m/c allows only SSH connections. To reach this server we need to source NAT. If we do static NAT then we are able to SSH into the UNIX server. But if we use dynamic NAT then we are not able to SSH to the same server. Please suggest!!

4 REPLIES

Re: SSH not working with dynamic NAT

That is how it works with all systems that must be reachable behind a natting router or firewall.

Regardless of whether it's telnet, smtp or you name it, you must forward the port statically.

You can use both static and dynamic nat together though by using the command:

ip nat inside source static tcp/udp ....

This forwards only a single port, leaving the rest available for dynamic nat.

Regards,

Leo
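
Added example, not part of the original thread or any poster's code: a small Python model of the translation-table behaviour described in the reply above, using addresses from the lab configuration posted in this thread. The class, its method names and the global address 172.16.131.201 are assumptions made for illustration, and dynamic entries ignore ports for simplicity.

```python
import ipaddress

class InsideSourceNat:
    """Toy model of 'ip nat inside source': one dynamic pool plus static port entries."""

    def __init__(self, pool_first, pool_last, permitted_net):
        lo, hi = (int(ipaddress.ip_address(a)) for a in (pool_first, pool_last))
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.permitted = ipaddress.ip_network(permitted_net)  # role of access-list 1
        self.static_port = {}   # (inside global IP, port) -> (inside local IP, port)
        self.dynamic = {}       # inside local IP -> inside global IP, built on demand

    def add_static_port(self, local_ip, local_port, global_ip, global_port):
        self.static_port[(global_ip, global_port)] = (local_ip, local_port)

    def outbound(self, src_ip):
        """Inside host sends a packet out; return its translated source or None."""
        if ipaddress.ip_address(src_ip) not in self.permitted:
            return None                      # not matched by the access list
        if src_ip not in self.dynamic:
            if not self.free:
                return None                  # pool exhausted
            self.dynamic[src_ip] = self.free.pop(0)
        return self.dynamic[src_ip]

    def inbound(self, dst_ip, dst_port):
        """Outside host sends to a global address; return the inside target or None."""
        if (dst_ip, dst_port) in self.static_port:
            return self.static_port[(dst_ip, dst_port)]
        for local_ip, global_ip in self.dynamic.items():
            if global_ip == dst_ip:
                return (local_ip, dst_port)  # only while a dynamic entry exists
        return None                          # no translation: nothing to forward to

def demo():
    nat = InsideSourceNat("172.16.131.2", "172.16.131.200", "10.10.10.0/24")
    before = nat.inbound("172.16.131.2", 22)         # no entry yet, so no target
    nat.add_static_port("10.10.10.1", 22, "172.16.131.201", 22)  # constructed address
    forwarded = nat.inbound("172.16.131.201", 22)    # static entry is always present
    src = nat.outbound("10.10.10.5")                 # inside-initiated: pool address
    return before, forwarded, src

if __name__ == "__main__":
    print(demo())
```

The static entry exposes only the single forwarded port; every other port on that global address stays without a translation.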

Re: SSH not working with dynamic NAT

I have been trying this in a test lab. I am using a router.

UNIX server is behind interface e1. And all the clients are on interface e 0.

Following is the configuration that doesn't work for SSH only.

    interface e 0
     ip address 10.10.10.254 255.255.255.0
     ip nat inside
    interface e 1
     ip address 172.16.130.1 255.255.255.0
     ip nat outside
    ip nat inside source list 1 pool test
    ip nat pool test 172.16.131.2 172.16.131.200 netmask 255.255.255.0
    access-list 1 permit 10.10.10.0 0.0.0.255

The following NAT configuration works for SSH:

    interface e 0
     ip address 10.10.10.254 255.255.255.0
     ip nat inside
    interface e 1
     ip address 172.16.130.1 255.255.255.0
     ip nat outside
    ip nat inside source static 10.10.10.1 172.16.131.2

I have to do this statically for all the inside IPs.

Also, I am not specifically concerned with SSH traffic, as I have to do it for all the traffic. But for some reason only SSH doesn't work.

Re: SSH not working with dynamic NAT

Does your UX host have a route to network 172.16.131.0?

Re: SSH not working with dynamic NAT

Yes, it has a route back.
