Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1421
Views
0
Helpful
4
Replies

Changing SSH port on cisco router

sharathpk0912
Level 1
Level 1

‎02-21-2016 09:44 AM - edited ‎03-05-2019 03:23 AM

The network contains 2 WAN links with loadbalancing configuration.
2 static public IPs. SSH is enable on router to access from outside.
Now they want to access the server (192.168.30.2) working on CENTOS remotely using SSH.

Configured NAT in router 4321- mapping 2 WAN IPs to 1 private IP (CentOS server).
WAN1- x.x.x.x
WAN2- y.y.y.y

access-list 101 permit tcp any host x.x.x.x eq 22
access-list 102 permit tcp any host y.y.y.y eq 22

ip nat inside source static tcp 192.168.30.2 x.x.x.x 22 extendable
ip nat inside source static tcp 192.168.30.2 y.y.y.y 22 extendable

If i try to access the server from outside using SSH, it reaches the router CLI. How to access the server on port 22?

I tried the below configuration. But SSH can be reached on the port 8088 as well as port 22.

ip ssh port 8088 rotary 1

!

line vty 0 15

rotary 1

Please help me to resolve this issue.
Thanks in advance.

1 person had this problem
Labels:
Preview file
4 KB
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-21-2016 11:35 AM

Note that whatever interface the SSH traffics comes in on (for NAT) it must leave via that same interface.  So life will be easier if inbound SSH is enabled on only one WAN interface, and then you can change your route-map so that it matches traffic from that one box and sends it out that one single link.

Normally when you do a port 22 forward you loose access to SSH on that interface on the router.  The NAT takes priority over the local listening service, so that bit is interested.

What software version are you using on your 4321?

0 Helpful

sharathpk0912
Level 1
Level 1
In response to Philip D'Ath

‎02-21-2016 08:36 PM

Cisco IOS XE Software, Version 03.15.01c.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S1c, RELEASE SOFTWARE (fc1)

How can I achieve the solution.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to sharathpk0912

‎02-22-2016 11:10 AM

Enable policy routing on the inside interface that connects to the SSH server setting the output interface to be a specific interface.

0 Helpful

Jillu
Level 1
Level 1
In response to Philip D'Ath

‎04-13-2018 06:08 AM

Yeah.. I'm having the same issue.

 

I want the Outside Network host to access the Inside Network Linux Server through SSH.

 

But I am able to take the router CLI only by using both the ports. So I have altered the Configuration as follows,

 

ip nat inside source static tcp 10.X.X.X(Server IP) 22 10.9.X.X(Router Interface) 22

 

to

 

ip nat inside source static tcp 10.X.X.X (Server IP) 22 interface gig0/1(Outside Interface) 22100

 

But still same status on both ports 22 & 22100(Only router CLI) . I tried clear ip nat trans also.

 

Kindly suggest a solution for this.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card