Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
3
Replies

how to forward/redirect SSH/telnet traffic to a specific host?

Jahan Pahlavani
Level 1
Level 1

‎10-22-2021 11:09 AM

Hello team, I want to redirect ssh traffic to a server for analyzing and reviewing (to PAM server), before go to real switches.for example when I ssh to 10.10.88.1, traffic go to PAM server and then go to 10.10.88.1;;

I write an ACL for filtering ssh traffic and assign it to a route-map and set ip next-hop to this server (PAM), on the distribution and core switches. and set ip policy on interface connected to core.

dist are 3750x and 3850-x and core is 4500 series.

but this scenario doesn't work.

all configs are correct and I review them many times, but I wonder if route-map ip next-hop can point to a host beyond some routers or it is for pointing to next hop router only.

 

many thanks.

Labels:
0 Helpful
3 Replies 3

paul driver
VIP
VIP

‎10-23-2021 07:23 AM

Hello
you could span/mirror or insert a tap to capture the traffic 
Can you elaborate of this PAM server?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Jahan Pahlavani
Level 1
Level 1
In response to paul driver

‎10-24-2021 01:37 AM - edited ‎10-24-2021 01:38 AM

thanks to replay,

using span is not a long-term solution and using tap is costly.

privileged access management (PAM) is for restriction of access rights and permissions for users and accounts and computing processes. but pam is not my problem, my problem is route map and ip next hop config and how they work.

0 Helpful

paul driver
VIP
VIP
In response to Jahan Pahlavani

‎10-24-2021 02:38 AM

Hello

@Jahan Pahlavani wrote:

but pam is not my problem, my problem is route map and ip next hop config and how they work.

What you are describing is policy-based routing, which i not sure would be applicable regards your query, as using PBR this would send all ssh traffic via the next-hop destination you specify (be it next-hop ip/interface or next hop recursive ip address) which would mean ssh would fail.
Now in your case (unless that is i am mistaken ) what you seem to want is to capture ssh traffic as it is being initiated and the ways to do that is to span/mirror or tap that traffic.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card