10-25-2006 04:10 PM
Not sure if this is the correct forum, but I will try it.
I am trying to direct ssh traffic to a specific server on my network through my 2811 router. When a remote client attempts to initiate a session with the server they get the login for the router instead of the server. I found the correct commands to create a static route for a NATed telnet session but want to tie the security down with ssh. Can I replace the telnet (23) with the ssh port (22) in the command to get this to work?
10-25-2006 09:35 PM
Hi James,
Yes, you can do that. Have a look at your access lists. Maybe there is a restriction to the telnet port, so you have to change this, too.
Best regards,
Frank
10-26-2006 10:39 AM
Thank you Frank!
Yes, I have modified the ACLs for the telnet session, and last night was able to get a NATed ssh session through to the server with the new command.
My new issue is this:
I have three VPNs coming in to the main location where the server resides. After I made the change (leaving the NATed telnet and the new NATed ssh session) none of the clients on the VPNs could reach the server! As soon as I deleted the ssh, access to the server came back up. I know this has to be related in some way to the translated address but didn't think that there is any address translation going on in the VPN connection for the two LANs.
Hope I made this clear. If possible I will post my config with ACLs later today.
PS Now that I think about it, could this be a NAT-T issue? Two of the other ends of the VPNs are created by a Linksys RV42 that has NAT-T.
Thanks again
James
10-26-2006 11:40 AM
Are you trying to SSH across the VPN tunnel, across the internet, or both? Are you NATing VPN traffic?
10-26-2006 12:35 PM
Yes, I do need SSH service from the internet to my server and across the VPNs to my server. I do not believe I am NATing the VPN connections to the server. The NATing for the endpoints of the VPN tunnels is strictly for internet access out of the remote locations. Although it would help if I could tell if those clients coming across the VPN tunnel are being NATed. Not sure how to tell. Any instruction?
Thanks!
James
10-27-2006 05:03 AM
I've run into that problem; you need to do a policy route. Here's a link that should help.
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
HTH and don't forget to rate!
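A sketch of the policy-route approach suggested above, added here as an illustration and not taken from any poster's configuration. It assumes the VPN breakage comes from the static SSH translation being applied to the server's replies into the tunnel; every address, interface name, ACL number and route-map name is a constructed placeholder.

```cisco
! Constructed example: addresses, interfaces, ACL numbers and names are assumptions.
! Server 192.168.1.10 sits on the inside LAN; 192.168.2.0/24 is one remote VPN LAN.
!
! The loopback carries no "ip nat inside" statement, so traffic policy-routed
! through it is no longer seen as coming from a NAT inside interface.
interface Loopback0
 ip address 10.255.255.1 255.255.255.252
!
interface FastEthernet0/1
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ! Apply the policy route to traffic arriving from the server's LAN
 ip policy route-map VPN-NONAT
!
interface FastEthernet0/0
 description Outside, the crypto map is applied here
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Port forward for SSH clients on the internet
ip nat inside source static tcp 192.168.1.10 22 interface FastEthernet0/0 22
!
! Match server traffic destined for the remote VPN LAN (repeat per tunnel)
access-list 150 permit ip host 192.168.1.10 192.168.2.0 0.0.0.255
!
! Send that traffic to the unused address on the loopback subnet; the router
! then routes it out the outside interface untranslated, where it still
! matches the crypto ACL with its real source address.
route-map VPN-NONAT permit 10
 match ip address 150
 set ip next-hop 10.255.255.2
```

To check whether traffic from the VPN clients is being translated, `show ip nat translations` on the router lists the active entries while a client is connected.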