01-30-2009 06:15 AM
Hi guys
I've been playing with my Cisco 857 for a while now, and I have one problem. I can't set up a remote connection (from home) through SSH to my router at work. I have tried all sources - Cisco website, Google - and can't find what I am looking for.
I would much appreciate it if you could help me. If you need a config file or something, let me know. Just need some commands or how it should be set up to make it work.
Cheers
01-30-2009 06:19 AM
02-03-2009 03:09 AM
Hi, configure:
no access-list 1
access-list 1 permit 192.168.0.0 0.0.0.255
Also please assign 192.168.0.1/24 to VLAN1.
02-03-2009 03:20 AM
OK, I will do that, but how can that resolve my problem? That won't give me access from a public IP, or will it?
02-02-2009 10:54 AM
Is this the configuration for the router you are trying to reach?
It looks as though your access list 23 is blocking the ssh traffic. Is 192.168.0.0/29 the IP space of where you are trying to connect from?
Can you telnet to make sure you are not having problems with SSH?
To troubleshoot:
Use the
#show access-list
command to see statistics on what packets have matched.
Or, add the log command to the end of your access-list and then look at your log.
Create a new
#access-list 11 permit any log
and apply that to the vty interface instead of list 23. Try to ssh and then look at the log to see where the packet came from, it could be NATed. Create a new access-list based on the log information.
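Added example, not part of the original thread: a small Python model of how IOS evaluates a standard ACL (wildcard match, first match wins, implicit deny), run over the two access-list lines posted in this thread. It assumes list 23 is what guards the vty lines, as the reply above implies; list 24 and the address 203.0.113.10 are constructed placeholders for a single remote management host.

```python
import ipaddress

# Lists 1 and 23 are copied from the thread; list 24 is a constructed
# candidate that keeps the LAN entry and adds one remote management host.
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.7
access-list 24 permit 192.168.0.0 0.0.0.7
access-list 24 permit host 203.0.113.10
"""

def parse_standard_acl(config_text, number):
    """Return ordered (action, network, wildcard) entries for one standard ACL."""
    entries = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[1] != str(number):
            continue
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            net, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            net, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            net = int(ipaddress.IPv4Address(rest[0]))
            # A bare address with no wildcard mask means a single host.
            has_wild = len(rest) > 1 and rest[1] != "log"
            wild = int(ipaddress.IPv4Address(rest[1])) if has_wild else 0
        entries.append((action, net, wild))
    return entries

def evaluate(entries, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, net, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if (src & ~wild & 0xFFFFFFFF) == (net & ~wild & 0xFFFFFFFF):
            return action
    return "deny"

if __name__ == "__main__":
    for acl in (23, 24):
        entries = parse_standard_acl(SAMPLE_CONFIG, acl)
        for src in ("192.168.0.5", "192.168.0.8", "203.0.113.10"):
            print(f"list {acl}: {src:<14} -> {evaluate(entries, src)}")
```

The wildcard 0.0.0.7 covers only 192.168.0.0 through 192.168.0.7, so every other source, including any public address, reaches the implicit deny on list 23.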
02-03-2009 01:27 AM
Thanks for your answer.
No, 192.168.0.0/29 is not where I am trying to access my router from.
I am trying to access my router from a public IP.
My Cisco 857 router has public IP 77.44.xx.xx and I am trying to access it from 213.177.xx.xx.
On my local network I can access SSH and Telnet without a problem.
Thanks a lot for your help
02-03-2009 03:42 AM
Please configure as mentioned above. The ACL for NAT MUST define internal networks and cannot be "any".
In networking, try to be more receptive to seniors' advice. You will find that in most cases, they know their stuff.
02-03-2009 04:04 AM
Ok, I have done that, and thanks for your answer. I know I still need to learn a lot :) Just working on my CCNA.
Anyway, is there still something I should change or add so I can connect from a public IP to my router?
Could you have a look at my changes? Not sure if that is what you asked. Many thanks.
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.7
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
02-03-2009 04:23 AM
Seems fine. Remember to rate useful posts with the scrollbox below.
02-03-2009 04:48 AM
Thanks for your help!
I wish everyone would answer that fast.
02-03-2009 04:56 AM
It's easy to answer fast when a problem is well defined like yours was.
Thanks for the nice rating and good luck!