Re: tunneling using SSH port 2222 - Page 2

evgenie.daniel1 · ‎09-27-2017

helllo

i have cisco router 860 andit has two networks: WAN 132.66.x.x

LAN 10.10.10.x

VLAN1 10.10.10.10 also DHCP

every time i want to connect to the PC on the network 10.10.10.x via SSH on Router i want to make a tunnel using port 2222.

for example i am on the network 132.66.x.x opening SSH putty and type the router's ip 10.10.10.10 or 132.66.x.x . and then after i authenticates i want to get directly to the PC 10.10.10.84 . which command i should run on the router in order to do it.

evgenie.daniel1 · ‎09-28-2017

but when i choose not the ssh on the putty but raw like this it's getting me to the 10.10.10.84 PC. but i wonder if it is ok:

paul driver · ‎09-28-2017

Hello

@evgenie.daniel1 wrote:
every time i want to connect to the PC on the network 10.10.10.x via SSH on Router i want to make a tunnel using port 2222.

On the router:
conf t

ip ssh port 2222 rotary 1
line vty x x
rotary 1
transport input ssh

Provding you have ssh access to the router you should then be able to access the router via ssh on port 2222

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

evgenie.daniel1 · ‎09-28-2017

done it. nothing is changed:

evgenie.daniel1 · ‎09-28-2017

and another thing:

if i want to allow other people outside the 132.66.x.x network to reach the Router 132.66.210.72 via port 2222 (but first they need to connect to VPN ), i am not need to connect VPN cause i am on the 132.66.x.x network. do i need to enter additional commands to the router in order to make it work ?

Georg Pauwen · ‎09-28-2017

So now you get a password prompt ? You have 'login local' configured, that means you have to use the username/password configured on the router.

evgenie.daniel1 · ‎09-28-2017

it's working only for me siting on the 132.66.x.x network and it also leting me log the usename "intelwifi" but the password not, telling me "access denied"(see the attached file), but when i connect to 22 port like i used before it does letting me to log with the username and with the password. and another thing, port 2222 not working for the people that connecting VPN to use the 132.66.x.x network, they still can use port 22 as before.

Georg Pauwen · ‎09-28-2017

Hello,

if you have not done so yet, configure an RSA key:

crypto key generate rsa modulus 1024

You can also try to configure ssh version 2:

ip ssh version 2

evgenie.daniel1 · ‎09-28-2017

done. still access denied:

Georg Pauwen · ‎09-28-2017

Do you actually see connection attempts at the device with address 10.10.10.84 ?

evgenie.daniel1 · ‎09-28-2017

only when i choose RAW on putty with 2222 port and IP 132.66.210.72

:

evgenie.daniel1 · ‎09-28-2017

but again it is only from my network. i need it also to the outside, the vpn users. now vpn users only can use 132.66.210.72 ssh 22 only.

Georg Pauwen · ‎09-28-2017

Hello,

what do you have configured under 'Preferred SSH protocol version' in Putty ?

For VPN clients, you will first have to set the Cisco up as a VPN server, unless you have some other way of providing VPN client connectivity ?

evgenie.daniel1 · ‎09-28-2017

They use any connect of cisco.they connect to vpn server of the organisation. . No need for vpn server on the router.

Georg Pauwen · ‎09-28-2017

What internal IP addresses are being assigned to the VPN users ? The only way you can get them to access 10.10.10.84 from an internal address is to somehow connect the Cisco to the rest of your network...

evgenie.daniel1 · ‎09-28-2017

They are getting ip of wan 132.66.x.x. They need to connect to the ubuntu pc port ssh 22 via port 2222 of cisco 132.66.210.72 using any client like putty and etc. Ubuntu ip address is 10.10.10.84 located on the Lan network of 10.10.10.x.