Configure SSH to access router 3925 from outside network

I want to access my Cisco 3925 router from an outside network using a public IP address. What configuration do I have to do?

Note: I can access SSH from the inside network.

2 Replies

Mark Malone
VIP Alumni

The IP address that you're trying to access just needs to be reachable. If it's working from the inside, SSH is already working. You may need to open the port on the firewall, though, if it's in front of your 3900. Make sure you lock the vty port down with an ACL so not everyone can access it, and then also only enable

line vty 0 4

access-class 10 in

access-list 10 permit x.x.x.x 0.0.0.255

*************************************

Configuring Login Parameters

Use this task to configure your Cisco IOS device for login parameters that help detect suspected DoS attacks and slow down dictionary attacks.

All login parameters are disabled by default. You must issue the login block-for command, which enables default login functionality, before using any other login commands. After the login block-for command is enabled, the following defaults are enforced:

A default login delay of one second

All login attempts made through Telnet or SSH are denied during the quiet period; that is, no ACLs are exempt from the login period until the login quiet-mode access-class command is issued.

SUMMARY STEPS

1. enable

2. configure terminal

3. login block-for seconds attempts tries within seconds

4. login quiet-mode access-class {acl-name | acl-number}

5. login delay seconds

6. exit
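The steps above combined with the vty ACL from the start of this reply, as an added example that is not part of the original post or of Cisco's documentation. The 203.0.113.0/24 network and the timer values are constructed placeholders; substitute your own management network and thresholds.

```cisco
! Constructed values: 203.0.113.0/24 stands in for the trusted management network.
enable
configure terminal
 !
 ! Standard ACL naming the only source addresses allowed to reach the vty lines.
 ! The explicit deny with "log" records rejected connection attempts.
 access-list 10 permit 203.0.113.0 0.0.0.255
 access-list 10 deny any log
 !
 ! Apply the ACL inbound on the vty lines. If "show line" lists more vty
 ! lines than 0-4, apply the same access-class to those as well.
 line vty 0 4
  access-class 10 in
  exit
 !
 ! Enter quiet mode for 120 seconds after 5 failed logins within 60 seconds.
 ! This command must come first; it enables the other login commands.
 login block-for 120 attempts 5 within 60
 !
 ! Without this, every Telnet/SSH login is refused during the quiet period,
 ! including your own. Hosts matching ACL 10 stay exempt.
 login quiet-mode access-class 10
 !
 ! Wait 3 seconds between successive login attempts (the default is 1).
 login delay 3
 !
 ! Send failed and successful logins to syslog.
 login on-failure log
 login on-success log
 end
!
! Verify the login parameters, quiet-mode state and ACL hit counters.
show login
show access-lists 10
```

Test from a second session before closing the one you configured from, so a mistake in the ACL does not lock you out.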

Nice write up Mark!

I haven't used the "login block-for seconds" before but will definitely be testing it out now!

For a public facing SSH I would also suggest using public/private keys for SSH logins. There is a lot of documentation on how to set that up.

If your Google Fu fails, here is a blog on how to do it.

Authenticating using SSH and your RSA Public Key