I'v been playing with my Cisco 857 for a while now, and I have one problem. I can't setup remote connection (from home) through SSH to my router at work. I have tried all sources - Cisco website, Google, and can't find what I am looking for.
I would much apprecciated if you could help me. If you need a config file or something let me know. Just need some comands or how it should be setup to make it work.
Solved! Go to Solution.
Is this the configuration for the router you are trying to reach?
It looks as though your access list 23 is blocking the ssh traffic. Is 192.168.0.0/29 the IP space of where you are trying to connect from?
Can you telnet to make sure you are not having problems with SSH?
command to see statistics on what packets have matched.
Or, add the log command to the end of your access-list and then look at your log.
Create a new
#access-list 11 permit any log
and apply that to the vty interface instead of list 23. Try to ssh and then look at the log to see where the packet came from, it could be NATed. Create a new access-list based on the log information.
Thanks for your answer.
No 192.168.0.0/29 is not where I am trying access my router.
I am trying to access my router from public IP.
My Cisco 857 Router have public IP 77.44.xx.xx and I am trying to access it from 213.177.xx.xx.
On my local network I can access SSH and Telnest without problem.
Thanks a lot for your help
Please configure as mentioned above. The ACL for NAT MUST define internal networks and cannot be "any".
In networking, try to be more receptive to seniors advice. You will find that in most cases, they know their stuff.
Ok, I have done that, and thanks for your answer. I know I still need to learn a lot :) Just working on my CCNA.
Anyway is there still something I should change or add so I can connect from public IP to my router?
Could you have a look at my changes not sure if that is what you asked. Many thanks.
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.7
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
It's easy to answer fast when a problem is well defined like your was.
Thanks for the nice rating and good luck!