External SSH

dan_miles86
Level 1

Hi,

I hope someone can save my sanity.

I'm trying to set up external SSH access to my router. Internal is working fine. I thought perhaps the SSH port was blocked by the ISP so tried a different port but have the same lack of success.

Full config included below with external IPs and passwords replaced with ##################.

Thanks

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ##################
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 ##################
enable password ##################
!
aaa new-model
!
!
aaa authentication login TERMINAL-LINES local
!
!
aaa session-id common
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.30.1 192.168.30.100
ip dhcp excluded-address 192.168.31.1 192.168.31.100
ip dhcp excluded-address 192.168.32.1 192.168.32.100
!
ip dhcp pool DynamicPool
   network 192.168.30.0 255.255.255.0
   dns-server 192.168.30.1 8.8.8.8 208.67.222.222
   default-router 192.168.30.1
   lease 0 0 15
!
ip dhcp pool Tony-PC
   host 192.168.30.10 255.255.255.0
   client-identifier 0100.1e8c.6d85.3e
   lease infinite
!
ip dhcp pool VisitorPool
   network 192.168.31.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4 208.67.222.222
   default-router 192.168.31.1
   lease 0 0 15
!
ip dhcp pool GuestPool
   network 192.168.32.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4 208.67.222.222
   default-router 192.168.32.1
   lease 0 0 15
!
!
ip domain name ##################
ip host switch 192.168.30.5
ip host router 192.168.30.1
ip host unifi ##################
ip host tony-pc 192.168.30.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 208.67.222.222
ip name-server 208.67.220.220
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username ################## password 0 ##################
archive
 log config
  hidekeys
!
!
!
!
!
ip ssh port 8083 rotary 1
ip ssh rsa keypair-name ##################
!
!
!
!
interface GigabitEthernet0/0
 ip address ################## 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet1/0
 ip address 192.168.30.1 255.255.255.0
 ip access-group native in
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet1/0.1
 encapsulation dot1Q 40
 ip address 192.168.31.1 255.255.255.0
 ip access-group visitor in
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet1/0.2
 encapsulation dot1Q 50
 ip address 192.168.32.1 255.255.255.0
 ip access-group guest in
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 ##################
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.30.10 3389 interface GigabitEthernet0/0 3389
ip nat inside source static udp 192.168.30.10 3389 interface GigabitEthernet0/0 3389
!
ip access-list extended guest
 deny   ip 192.168.32.0 0.0.0.255 192.168.30.0 0.0.0.255
 deny   ip 192.168.32.0 0.0.0.255 192.168.31.0 0.0.0.255
 permit ip any any
ip access-list extended management
 permit ip 192.168.30.0 0.0.0.255 any
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip ################## 0.0.0.255 any
ip access-list extended native
 deny   ip 192.168.30.0 0.0.0.255 192.168.31.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.32.0 0.0.0.255
 permit ip any any
ip access-list extended visitor
 deny   ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
 deny   ip 192.168.31.0 0.0.0.255 192.168.32.0 0.0.0.255
 permit ip any any
!
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 access-class management in
 password ##################
 login authentication TERMINAL-LINES
 transport input all
line vty 5 10
 access-class management in
 password Line ##################
 login authentication TERMINAL-LINES
 rotary 1
 transport input all
!
scheduler allocate 20000 1000
end

Accepted Solution
Your ACL 100 used with NAT can cause these problems. Try the following ACL:

access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any


2 Replies

Spot on and so simple. Thank you Karsten!
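A check of the accepted answer's point, added here as an example and not code from the thread or from Cisco: a small evaluator for IOS wildcard ACLs applied to the original ACL 100 and the replacement, over constructed flows (203.0.113.10 and 198.51.100.7 are documentation-range stand-ins for the router's public address and the remote admin's host). It shows that `permit ip any any` selects every flow as a candidate for inside-source translation, including flows sourced from the router's own public address and inbound flows, while the replacement selects only traffic sourced from 192.168.0.0/16 toward destinations outside that range.

```python
# Added example (not from the thread): a small evaluator for Cisco IOS numbered
# ACLs, used to compare the original NAT ACL 100 with Karsten's replacement.
import ipaddress

ORIGINAL_ACL = "access-list 100 permit ip any any"
FIXED_ACL = """access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any"""
def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'don't care', a 0 bit must match."""
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)

def _spec(tokens, i):
    """Parse one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2

def parse_acl(text):
    """Lines of the form: access-list <n> <permit|deny> ip <src> <dst>."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        src, i = _spec(t, 4)
        dst, _ = _spec(t, i)
        entries.append((t[2], src, dst))
    return entries

def acl_permits(entries, src_ip, dst_ip):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, (sb, sw), (db, dw) in entries:
        if wildcard_match(src_ip, sb, sw) and wildcard_match(dst_ip, db, dw):
            return action == "permit"
    return False

# Constructed flows: 203.0.113.10 stands in for the router's public address,
# 198.51.100.7 for the remote admin's host; 192.168.30.10 is Tony-PC.
FLOWS = {
    "lan_to_internet": ("192.168.30.10", "198.51.100.7"),
    "router_reply_to_admin": ("203.0.113.10", "198.51.100.7"),
    "internet_to_lan": ("198.51.100.7", "192.168.30.10"),
    "vlan_to_vlan": ("192.168.30.10", "192.168.31.50"),
}

def nat_candidates(acl_text):
    """Map each flow to whether the ACL would select it for inside-source NAT."""
    entries = parse_acl(acl_text)
    return {name: acl_permits(entries, s, d) for name, (s, d) in FLOWS.items()}
```

Calling `nat_candidates(ORIGINAL_ACL)` and `nat_candidates(FIXED_ACL)` side by side makes the difference visible per flow; the same parser can be pointed at any two-address `access-list` lines from the config.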