Hey all,
I am having a problem over the past few days where I've tried port forwarding 2222 => 22, and 2222 => 2222 to an ISR4331. This is the topology I am using including the relevant commands on each network device:
What happens is that the first packet will get to the ISR4331, then the ISR4331 decides to respond on a random source port, then the ASA doesn't detect that its from the same session and drops the packet (see pic below):
The weird thing is that when I first switched from using port 22 as the default port to port 2222 on the ISR4331, it started working for a while, then I had a power outage and when it came back up it started using random source ports for ssh again. Anyone have any ideas on how to fix this? I refuse to believe that this is just how it works, there's got to be something I'm doing wrong. I've tried downgrading my ios from 17.9.4a to 17.03.05 but that didn't help anything.
Any insight is appreciated!
Thanks
Hi MHM,
That didn't seem to solve the problem, I am still getting random source packets for ssh from the ISR4331:
Here is my router config:
line vty 0 15
access-class DenySSH22 in
exec-timeout 0 0
rotary 1
no exec
transport input ssh
stopbits 1
Thanks
Hi MHM,
That is good to know! But unfortunately I am getting the same issue using port 2001 as you stated in the link. I also had to remove the "no exec" from line vty 0 15 because it kept kicking out my ssh sessions. Here is my config:
ip ssh port 2001 rotary 1
access-class DenySSH22 in
exec-timeout 0 0
rotary 1
transport input ssh
