how to forward/redirect SSH/telnet traffic to a specific host?

Jahan Pahlavani
Beginner

Hello team, I want to redirect SSH traffic to a server for analysis and review (a PAM server) before it goes to the real switches. For example, when I SSH to 10.10.88.1, the traffic goes to the PAM server and then on to 10.10.88.1.

I wrote an ACL to filter SSH traffic, assigned it to a route-map, and set ip next-hop to this server (PAM) on the distribution and core switches, and set ip policy on the interface connected to the core.

The distribution switches are 3750-X and 3850-X and the core is a 4500 series.

But this scenario doesn't work.

All configs are correct and I have reviewed them many times, but I wonder whether route-map ip next-hop can point to a host beyond some routers, or whether it is only for pointing to the next-hop router.

Many thanks.
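For reference, the three pieces described in the question (ACL, route-map with set ip next-hop, ip policy on the ingress interface) look like this on a Catalyst IOS switch. This is an added example, not configuration from the poster or from Cisco documentation; the addresses, VLAN number and object names are assumed placeholders, and the comments record the checks that usually explain why a policy like this does not take effect.

```cisco
! Added example (not from the original thread). Assumed placeholders:
!   10.10.88.0/24  - management subnet of the switches reached over SSH
!   192.0.2.10     - PAM server, on a VLAN DIRECTLY CONNECTED to this switch
!   Vlan100        - SVI where the admin workstations' traffic enters the switch
!
! 1. Match only SSH (TCP/22) bound for the switch management subnet.
!    Sessions sourced by the PAM server itself are excluded, so the connection
!    it forwards on is not policy-routed straight back to it.
ip access-list extended PBR-SSH-TO-PAM
 deny   tcp host 192.0.2.10 any eq 22
 permit tcp any 10.10.88.0 0.0.0.255 eq 22
!
! 2. Route-map: packets matching the ACL get the PAM server as next hop.
!    "set ip next-hop" names an ADJACENT address (a host or router on a
!    directly connected network); a host several routers away does not
!    qualify and the policy is silently not applied.
route-map SSH-VIA-PAM permit 10
 match ip address PBR-SSH-TO-PAM
 set ip next-hop 192.0.2.10
!
! Packets that do not match fall through and are routed normally.
!
! 3. Apply the policy on the interface where the SSH traffic ENTERS the switch
!    (client-facing side), not on the interface facing the target switches.
interface Vlan100
 ip policy route-map SSH-VIA-PAM
!
! 4. Optional enforcement on the target switches (assumed ACL number 10):
!    only accept vty logins that arrive from the PAM server, so a session that
!    bypasses the policy is refused rather than silently allowed.
access-list 10 permit host 192.0.2.10
line vty 0 15
 access-class 10 in
!
! Verification:
!   show route-map SSH-VIA-PAM   -> "Policy routing matches" counter should rise
!   show ip policy               -> lists the interface the map is applied to
!   show sdm prefer              -> on 3750-class switches PBR needs the routing
!                                   SDM template; the default template does not
!                                   allocate TCAM for it
!   debug ip policy              -> per-packet decision, lab use only
```

Two things to check before concluding the route-map itself is wrong: the match counter in show route-map tells you whether the ACL is catching packets at all on that interface, and the next hop must be on a directly connected network from the switch carrying the policy (if the PAM server is further away, set ip next-hop recursive is the IOS option where the platform supports it, otherwise the policy belongs on the device adjacent to the PAM server). Also note that the PAM server has to actually proxy the session: the target switch answers the source address it sees, so if the PAM server simply forwards packets unchanged the replies go straight back to the client, bypassing it.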

3 Replies

paul driver
VIP Expert

Hello,
You could SPAN/mirror or insert a tap to capture the traffic.
Can you elaborate on this PAM server?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks for the reply,

Using SPAN is not a long-term solution and using a tap is costly.

Privileged access management (PAM) is for restricting access rights and permissions for users, accounts and computing processes. But PAM is not my problem; my problem is the route-map and ip next-hop config and how they work.

Hello

@Jahan Pahlavani wrote:

But PAM is not my problem; my problem is the route-map and ip next-hop config and how they work.

What you are describing is policy-based routing, which I am not sure would be applicable to your query, as using PBR would send all SSH traffic via the next-hop destination you specify (be it next-hop IP/interface or next-hop recursive IP address), which would mean SSH would fail.
Now in your case (unless I am mistaken) what you seem to want is to capture SSH traffic as it is being initiated, and the ways to do that are to SPAN/mirror or tap that traffic.



Kind Regards
Paul