SSH and telnet port open

pcfreak49
Level 1

Hello, I have a question: does anyone know how to open the SSH and telnet port on a Cisco 800 series?

Who can help me, please?

22 Replies

Maybe you want to share the relevant portions of your configuration? It sounds like you are saying you have set up something (what?) and now cannot connect with SSH or telnet. Can you connect if there are no restrictions set up at all?

You may want to post a detailed description in French or Dutch (Flemish?) and see if we can use Google Translate or Babel Fish to understand the detail.

Yes, that is fine. This is my running-config.

Can you let me know if something is wrong, please?

Thanks in advance.

So, the goal is to connect to the router using the SSH protocol, right?

1) Can you connect with SSH at all?

2) Are you trying to connect on the LAN side or the WAN side?

3) What happens when you try to connect?

4) What do you want to happen?

1) Yes, SSH works.

2) I am trying SSH from the WAN side.

3) I want to be able to log in to the router remotely, with both SSH and telnet.

4) I want to work on the router from another network.

OK, got it. You want to ALLOW remote connection from SSH and/or telnet.

Right now, your configuration is using NAT and zone-based firewall (ZBFW).

Are you using SDM or CCP to configure the device?

The configuration seems correct, but I am not a ZBFW expert.

Looking at https://supportforums.cisco.com/thread/2012714, it seems like you may need to allow SSH and telnet in the "source self destination out-zone" path:

zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit

Your self to out path doesn't allow SSH and telnet.

policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass

WARNING:  this is just a guess.  Ask over in the Firewall group.

I use CCP.

I don't use CCP, but try asking in the firewalls forum. It seems to be a firewall issue.

I use the CLI, sometimes CCP,

because you can do more in the CLI.