cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
811
Views
0
Helpful
4
Replies
sharathpk0912
Beginner

Changing SSH port on cisco router

The network contains 2 WAN links with loadbalancing configuration.
2 static public IPs. SSH is enable on router to access from outside.
Now they want to access the server (192.168.30.2) working on CENTOS remotely using SSH.

Configured NAT in router 4321- mapping 2 WAN IPs to 1 private IP (CentOS server).
WAN1- x.x.x.x
WAN2- y.y.y.y

access-list 101 permit tcp any host x.x.x.x eq 22
access-list 102 permit tcp any host y.y.y.y eq 22

ip nat inside source static tcp 192.168.30.2 x.x.x.x 22 extendable
ip nat inside source static tcp 192.168.30.2 y.y.y.y 22 extendable

If i try to access the server from outside using SSH, it reaches the router CLI. How to access the server on port 22?

I tried the below configuration. But SSH can be reached on the port 8088 as well as port 22.

ip ssh port 8088 rotary 1

!

line vty 0 15

rotary 1

Please help me to resolve this issue.
Thanks in advance.

4 REPLIES 4
Philip D'Ath
Advisor

Note that whatever interface the SSH traffics comes in on (for NAT) it must leave via that same interface.  So life will be easier if inbound SSH is enabled on only one WAN interface, and then you can change your route-map so that it matches traffic from that one box and sends it out that one single link.

Normally when you do a port 22 forward you loose access to SSH on that interface on the router.  The NAT takes priority over the local listening service, so that bit is interested.

What software version are you using on your 4321?

Cisco IOS XE Software, Version 03.15.01c.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S1c, RELEASE SOFTWARE (fc1)

How can I achieve the solution.

Enable policy routing on the inside interface that connects to the SSH server setting the output interface to be a specific interface.

Yeah.. I'm having the same issue.

 

I want the Outside Network host to access the Inside Network Linux Server through SSH.

 

But I am able to take the router CLI only by using both the ports. So I have altered the Configuration as follows,

 

ip nat inside source static tcp 10.X.X.X(Server IP) 22 10.9.X.X(Router Interface) 22

 

to

 

ip nat inside source static tcp 10.X.X.X (Server IP) 22 interface gig0/1(Outside Interface) 22100

 

But still same status on both ports 22 & 22100(Only router CLI) . I tried clear ip nat trans also.

 

Kindly suggest a solution for this.