Solved: Re: Remote SSH Connection on Cisco 857?

krysianrabiej · ‎01-30-2009

Hi guys

I'v been playing with my Cisco 857 for a while now, and I have one problem. I can't setup remote connection (from home) through SSH to my router at work. I have tried all sources - Cisco website, Google, and can't find what I am looking for.

I would much apprecciated if you could help me. If you need a config file or something let me know. Just need some comands or how it should be setup to make it work.

Cheers

paolo bevilacqua · ‎02-03-2009

Hi, configure:

no access-list 1

access-list 1 permit 192.168.0.0 0.0.0.255

Also please assign 192.168.0.1/24 to VLAN1.

View solution in original post

krysianrabiej · ‎01-30-2009

just added my router config.

cheers

paolo bevilacqua · ‎02-03-2009

Hi, configure:

no access-list 1

access-list 1 permit 192.168.0.0 0.0.0.255

Also please assign 192.168.0.1/24 to VLAN1.

krysianrabiej · ‎02-03-2009

ok I will do that, but how that can resolve my problem? That won't give me an access from public IP or will it?

chuckwirth · ‎02-02-2009

Is this the configuration for the router you are trying to reach?

It looks as though your access list 23 is blocking the ssh traffic. Is 192.168.0.0/29 the IP space of where you are trying to connect from?

Can you telnet to make sure you are not having problems with SSH?

To troubleshoot:

Use the

#show access-list

command to see statistics on what packets have matched.

Or, add the log command to the end of your access-list and then look at your log.

Create a new

#access-list 11 permit any log

and apply that to the vty interface instead of list 23. Try to ssh and then look at the log to see where the packet came from, it could be NATed. Create a new access-list based on the log information.

krysianrabiej · ‎02-03-2009

Thanks for your answer.

No 192.168.0.0/29 is not where I am trying access my router.

I am trying to access my router from public IP.

My Cisco 857 Router have public IP 77.44.xx.xx and I am trying to access it from 213.177.xx.xx.

On my local network I can access SSH and Telnest without problem.

Thanks a lot for your help

paolo bevilacqua · ‎02-03-2009

Please configure as mentioned above. The ACL for NAT MUST define internal networks and cannot be "any".

In networking, try to be more receptive to seniors advice. You will find that in most cases, they know their stuff.

krysianrabiej · ‎02-03-2009

Ok, I have done that, and thanks for your answer. I know I still need to learn a lot :) Just working on my CCNA.

Anyway is there still something I should change or add so I can connect from public IP to my router?

Could you have a look at my changes not sure if that is what you asked. Many thanks.

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip dns server

ip nat inside source list 1 interface Dialer1 overload

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 23 permit 192.168.0.0 0.0.0.7

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

paolo bevilacqua · ‎02-03-2009

Seems fine. Remember to rate useful posts with the scrollbox below.

krysianrabiej · ‎02-03-2009

Thanks for your help!

I wish everyone would answer that fast.

paolo bevilacqua · ‎02-03-2009

It's easy to answer fast when a problem is well defined like your was.

Thanks for the nice rating and good luck!