I have an issue with dynamic routing
10-02-2023 01:01 AM
Hello, I've been struggling with connecting a router to an SSH server recently.
Router#1 can be accessed without any issues from the SSH server, but Router#2, which is part of the cluster with #1, cannot be accessed via SSH. Both routers have routes for the SSH segment, and the situation persists where SSH access is possible only on Router#1. Both routers are connected to the opposite routers via WAN tunneling, and they are connected to the SSH server through the same switch and firewall. If anyone has any insights or suggestions regarding the possible reasons for this problem, could you please provide a response?
The model I am using is ISR4331 and the version is 17.3.
Labels: ISR 4000 Series
10-02-2023 02:19 AM
I suggest you compare the configuration of Router#1 and Router#2.
Whatever configuration you implemented on Router#1 for SSH, do the similar/same configuration for SSH on Router#2.
Here is the sample configuration:
R1(config)#username admin password my_password
R1(config)#ip domain-name NETWORKDOMAIN.LOCAL
R1(config)#crypto key generate rsa modulus 2048
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
Test the connectivity / communication from Router#1 and #2 to the SSH server using the ping command...
Try to use the traceroute ssh_server_ip (ex: traceroute 192.168.1.100) command to track the path of the packet...
Also try to check whether an ACL is implemented on Router#2 which may block access to SSH:
Router2#show ip access-list
From the output of the above commands you may get some clue for your issue.
Best regards
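One way to carry out the Router#1 / Router#2 configuration comparison suggested in the reply above, as an added example that is not part of the original thread. The function names, the choice of which commands count as SSH-relevant, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Top-level commands that decide whether SSH to the router works
# (this selection is an assumption, extend it for your environment).
GLOBAL_PREFIXES = ("ip ssh", "ip domain", "username", "ip route", "access-list")
# Commands that open a sub-mode whose indented children matter too.
BLOCK_PREFIXES = ("line vty", "ip access-list")

def mgmt_lines(config):
    """Return the SSH/management-relevant lines of an IOS running-config as a set."""
    found, block = set(), None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            block = None                      # "!" or a blank line ends a sub-mode
            continue
        if line.startswith(" "):              # child of the current sub-mode
            if block:
                found.add(f"{block} / {line.strip()}")
            continue
        block = line if line.startswith(BLOCK_PREFIXES) else None
        if block or line.startswith(GLOBAL_PREFIXES):
            # Keep credentials out of the comparison report.
            found.add(re.sub(r"\b(password|secret)\b.*", r"\1 <redacted>", line))
    return found

def compare(cfg_a, cfg_b):
    """Return (lines only in A, lines only in B), each sorted."""
    a, b = mgmt_lines(cfg_a), mgmt_lines(cfg_b)
    return sorted(a - b), sorted(b - a)

# Constructed sample configs (documentation addresses, not taken from the thread).
R1 = """hostname R1
ip domain-name example.test
username admin secret 9 $9$constructedA
ip ssh version 2
ip route 192.0.2.10 255.255.255.255 198.51.100.1
line vty 0 4
 transport input ssh
 login local
!
"""
R2 = """hostname R2
ip domain-name example.test
username admin secret 9 $9$constructedB
ip ssh version 2
ip access-list extended MGMT
 permit tcp host 192.0.2.50 any eq 22
line vty 0 4
 access-class MGMT in
 transport input telnet
 login local
!
"""
```

Calling `compare(R1, R2)` on saved `show running-config` output lists the host route, vty transport and access-class differences side by side, while usernames with different secrets compare as equal because the secret is redacted first.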
10-03-2023 05:16 PM
Finally I solved this issue, but I am not sure I understand it properly.
In the former configuration, only RT C had the ip route configuration to RT A, like below.
ip route 10.214.18.249 255.255.255.255 172.25.250.254
After I added the route from D to B like below, it works as I thought it would.
ip route 10.214.18.248 255.255.255.255 172.25.250.250
The SSH server is on the 192.168.0.0 / 16 segment, and RT C and D have a route to that segment of course.
RT A, B, C and D are connected by EIGRP, and C and A, and D and B, are connected by Tunnel 0.
In this situation I don't need to add the route toward the SSH server at RT A and B.
I just need to add the route to A and D from C and D.
Is that right?
10-03-2023 06:45 PM - edited 10-03-2023 11:39 PM
Yes....you don't need to add the route toward the SSH server at RT A and B.
Keep in mind....in a production environment....if you are making any changes...do it according to the company policies...
Also document those changes...
Thanks
10-02-2023 03:09 AM
What do you mean by cluster?
10-02-2023 04:51 AM
Hello
Is rtr 2 reachable?
Do you have local access to the rtr, so as to check the mgt configuration?
Can you put a debug on the mgt connection to/from rtr2 and see what the log buffer records?
Example:
conf t
no logging console
logging buffered
access-list 100 permit tcp host <srchost> host <desthost> eq 22
access-list 100 permit tcp host <desthost> host <srchost> eq 22
end
debug condition interface <interface>
debug ip packet detail 100
Kind Regards
Paul
