08-10-2009 06:29 AM - edited 03-04-2019 05:41 AM
Hi,
I've a question regarding SSH on my router. Right now I have things set up to do pass-through to a server I have on the inside of my network. However, I'd also like to be able to SSH to the router itself but it seems like after setting up pass-through I can't do that anymore. I'm sure there's a simple solution, like configuring a new interface but I'm not sure I understand what that solution is.
Any advice? Config below.
Thanks!
Jon
Current configuration : 2457 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER_HOSTNAME
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret SOME_PASSWORD
enable password SOME_PASSWORD
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LANpool
import all
network 192.168.1.0 255.255.255.0
dns-server 68.94.156.1 68.94.157.1
default-router 192.168.1.254
lease infinite
!
!
ip cef
ip domain name DOMAIN.COM
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip port-map ssh port tcp 30000 list 10
ip ssh logging events
ip ssh version 2
!
vpdn enable
!
!
!
!
username USERNAME privilege 15 secret 5 SOME_PASSWORD
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description Internet Connection
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
speed auto
!
interface FastEthernet1
description Connection to Wireless LAN
switchport access vlan 26
!
interface FastEthernet2
description Connect to LAN
switchport access vlan 26
!
interface FastEthernet3
description Internal LAN Server
switchport access vlan 26
!
interface FastEthernet4
description Connection to DMZ
switchport access vlan 26
no cdp enable
!
interface Vlan1
no ip address
!
interface Vlan26
description routed interface for LAN segment
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address IP_ADDRESS SUBNET
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname HOSTNAME
ppp chap password 0 PASSWORD
ppp pap sent-username USERNAME password 0 PASSWORD
!
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit IP_ADDRESS 0.0.0.255
access-list 10 permit 192.168.1.60
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
transport input ssh
!
end
08-10-2009 08:08 AM
I believe you can change your ssh port on the router like:
ip ssh port
That might work.
HTH,
John
08-19-2009 08:09 PM
Mmmm....didn't do anything here. Not sure if this clarifies things or not but I need to be able to do the following:
1. ssh directly to router.
2. ssh directly to server (via passthrough).
Wondering if I need to use PAT here?
TIA,
Jon
08-19-2009 08:10 PM
Or, do I configure a separate interface to ssh to the server and use the original interface to connect to the router?
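Added example, not part of the thread or any poster's code: a Python check over lines taken from the posted configuration that lists the static port forwards, reports whether one of them claims the router's own SSH port, and shows how the vty lines authenticate. The function names are hypothetical, and the router's SSH server is assumed to listen on the default port 22.

```python
import re

# Lines copied from the configuration posted above (placeholders as posted).
CONFIG = """\
username USERNAME privilege 15 secret 5 SOME_PASSWORD
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
line vty 0 4
login
transport input ssh
!
end
"""

STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")

def static_forwards(config):
    """Map (proto, outside_port) -> (inside_ip, inside_port) for static PAT entries."""
    forwards = {}
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            proto, ip, in_port, out_port = m.groups()
            forwards[(proto, int(out_port))] = (ip, int(in_port))
    return forwards

def vty_settings(config):
    """Sub-commands of the 'line vty' block (works on flattened, unindented text)."""
    settings, in_vty = [], False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
        elif line in ("!", "end"):
            in_vty = False
        elif in_vty and line:
            settings.append(line)
    return settings

def audit(config, router_ssh_port=22):  # 22 = IOS default SSH port (assumed in use)
    fw, vty = static_forwards(config), vty_settings(config)
    findings = [f"outside {p}/{o} -> {ip}:{i}" for (p, o), (ip, i) in sorted(fw.items())]
    if ("tcp", router_ssh_port) in fw:
        findings.append(f"tcp/{router_ssh_port} is forwarded inside, not to the router")
    # 'login' checks the line password; 'login local' checks the username database.
    if "login" in vty and not any(s.startswith("password ") for s in vty):
        findings.append("vty: 'login' set but no line password configured")
    if "transport input ssh" not in vty:
        findings.append("vty: transport not restricted to ssh")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```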