I was wondering if someone can help me with the following: I would like to be able to do SSH port forwarding from outside to an IP address inside. Normally, this is very straighforward. The problem now is that if I do so, then the LAN to LAN VPN stops working!
Here are the details:
There is a LAN to LAN VPN working flawlesly (so far) between an ASA 5505 and a Cisco 861 Integrated Router. However, I would like also, to give SSH access to an IP address behind the Cisco router. The moment I do this the VPN breaks!
I attached the Cisco 861 router configuration, where the problem shows. The ASA has public IP X.X.X.105 and the router has X.X.X.105. These two are used for the VPN tunnel. The internal network in the ASA is 10.115.16.0/24 and 192.168.10.0/24 in the router. These talk to each other using the tunnelt.
But, the moment I try to forward port 22 in the router from X.X.X.107 to 192.168.10.30 the VPN breaks! I do that with the following line:
ip nat inside source static tcp 192.168.10.30 22 X.X.X.107 22
Obviously, something is eluding me. The configuration is rather short and simple. But, I'm a newbie with Cisco rotuer configuration. Note that the tunnel stays up after I use the natting entry and I can talk from the router to the ASA, but not the other way around!
The router is Cisco 861 with IOS version 15.0(1)M7.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :