Cisco Support Community

1721 Config Update, Pinholes and Help

Hi,

I recently updated my Cisco 1721 to use IOS 12.4 so I could ssh to the router. It all seems to be running just dandy and I'm happy with that. You can view the config here:

http://www.objectevolution.com/temp/config.txt

Now, I've got a couple questions for you all:

1. I'd like to create a pinhole so to speak so I can ssh directly to a server on the internal network. I've done some research, Googling, etc. and it seems like this is the way to go:

http://www.joe-ma.co.za/page.php?15

So in my case I want to do ssh:

nat inside source static tcp MY_INTERNAL_SERVER 22 interface dialer 1 22

Right?

2. I haven't touched my config in some time and am wondering if you have suggestions for me, things to update, etc. I've got that Hardening Cisco Routers book I'm going to go through this evening. Anything else?

Heckles, suggestions always welcome ;-)

Thanks!

Jon

Accepted Solutions

Re: 1721 Config Update, Pinholes and Help

For 1., you are correct.

I suggest you also look at DDNS; you can have your router register with the DDNS server when the IP on the dialer int changes. That will allow you to always be able to resolve your server if you don't have a static IP and DNS service.

Re: 1721 Config Update, Pinholes and Help

8 REPLIES

Re: 1721 Config Update, Pinholes and Help

Re: 1721 Config Update, Pinholes and Help

Nipper is awesome! Thanks for the recommendation!

Re: 1721 Config Update, Pinholes and Help

Thank Stretch. He's the one with the awesome web site.

Re: 1721 Config Update, Pinholes and Help

One more question...seems I can't do something like this:

ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 33333

How come?

Re: 1721 Config Update, Pinholes and Help

Also (!!!) if I have a static ip (1 or more) I can do this too, right:

ip nat inside source static tcp 192.168.1.60 22 MY_STATIC_IP 22

??

Re: 1721 Config Update, Pinholes and Help

So, I'm thinking I'd use a PAM entry like this:

access-list 10 permit INTERNAL_SERVER_ID

ip port-map ssh port 33333 list 10

to accomplish my mapping:

outside port 33333 | inside port 22

Yeah?

Re: 1721 Config Update, Pinholes and Help

And that's exactly what I needed to do ;-)
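
Added example, not part of the thread and not Nipper's code: a small Python check that inventories static NAT pinholes of the two forms quoted above from a saved running-config and reports which inbound ACL, if any, is applied to the outside interface. The sample config, the ACL name OUTSIDE-IN, the host 192.168.1.61 and the address 203.0.113.10 are constructed placeholders.

```python
import re
from typing import NamedTuple, Optional

# Running-config forms of the two commands quoted in the thread:
#   ip nat inside source static tcp <local-ip> <port> interface <ifname> <port>
#   ip nat inside source static tcp <local-ip> <port> <global-ip> <port>
NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface (\S+)|(\S+)) (\d+)")
IFACE_RE = re.compile(r"^interface (\S+)")
ACL_IN_RE = re.compile(r"^\s+ip access-group (\S+) in\b")

class Pinhole(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    outside: str                # interface name or global IP
    outside_port: int
    inbound_acl: Optional[str]  # None: no inbound ACL, or outside is an IP

def find_pinholes(config: str) -> list:
    acls, matches, current = {}, [], None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
        elif not line.startswith(" "):
            current = None      # left the interface stanza
        if current and (m := ACL_IN_RE.match(line)):
            acls[current] = m.group(1)
        if m := NAT_RE.match(line):
            matches.append(m)
    # Resolve ACLs after the full pass so stanza order does not matter.
    return [Pinhole(m[1], m[2], int(m[3]), m[4] or m[5], int(m[6]),
                    acls.get(m[4]) if m[4] else None) for m in matches]

# Constructed sample: the ACL name and 203.0.113.10 are placeholders.
SAMPLE = """\
interface Dialer1
 ip access-group OUTSIDE-IN in
 ip nat outside
!
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 33333
ip nat inside source static tcp 192.168.1.61 22 203.0.113.10 22
"""

if __name__ == "__main__":
    for p in find_pinholes(SAMPLE):
        acl = p.inbound_acl or "no interface ACL found"
        print(f"{p.outside}:{p.outside_port}/{p.proto} -> "
              f"{p.local_ip}:{p.local_port} ({acl})")
```

On IOS an inbound ACL on the outside interface is evaluated before the outside-to-inside translation, so an entry meant to limit who can reach the pinhole has to match the outside port (33333 in the sample), not port 22.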
