Re: SSH - VPN - Telnet - HOW?

jerry.roy · ‎06-01-2001

I need to allow ssh to the Wan Interface of a 1750 and allow telnet to the Lan Interface. I have IOS w/Security (FW+VPN) installed and have created a tunnel and set up firewalling between 2 1750's. I Can Ping and Use Resources on each remote network but can only access router at the Lan Interface via SSH from a host on the Lan. Need to be able to access a remote router through the tunnel via telnet as well as copy the startup config from a remote router back to a tftp server. Any help would be appreciated. Current access lists are as follows:

interface Ethernet0

description connected to Internet

ip address 172.16.20.20 255.255.255.0

ip access-group 102 in

half-duplex

crypto map cm-cryptomap

!

interface FastEthernet0

description connected to EthernetLAN_1

ip address 64.x.x.x x.x.x.x

ip access-group 101 in

ip inspect FastEthernet_0 in

speed auto

!

router eigrp 100

network 64.x.x.x x.x.x.x

network 172.16.20.0 0.0.0.255

no auto-summary

no eigrp log-neighbor-changes

!

ip kerberos source-interface any

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0

no ip http server

!

access-list 100 permit ip 64.x.x.x x.x.x.x 64.x.x.x x.x.x.x

access-list 101 permit ip any any

access-list 102 permit udp host 172.16.10.10 host 172.16.20.20 eq isakmp

access-list 102 permit ahp host 172.16.10.10 host 172.16.20.20

access-list 102 permit esp host 172.16.10.10 host 172.16.20.20

access-list 102 permit ip 64.x.x.x x.x.x.x 64.x.x.x x.x.x.x

net.admin · ‎06-04-2001

You are running into the same problems that I am having with my 1720's and 3620's with crypto cards.

All does not seem to work as specified. I have a case open with TAC regarding these similiar issues, and am trying to get documentation regarding the order-of-operation, which I think is at the heart of the matter.

If I get some good answers, I will send them to you.

Regards,

Scott Hale