*URGENT* SSH default port change, and access from WAN

shuklavikas · ‎09-12-2016

Hello All,

I suspect my ISP has blocked port 22, so what I did. I have configured below. However when tried to access from WAN , it is not working.. "ssh -p 2222 username@WAN IP"

Please help guys..

ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 2222 rotary 1

line vty 0 4

rotary 1

Karsten Iwen · ‎09-12-2016

Have you allowed TCP/2222 on the outside ACL?

shuklavikas · ‎09-12-2016

Yes,

380 permit tcp any any eq 2222 log
390 permit udp any any eq 2222 log

Karsten Iwen · ‎09-12-2016

You don't need UDP for that. Are you sure that there is no deny above these lines? For a test move them to the beginning. Has SSH ever worked from outside?

shuklavikas · ‎09-12-2016

moved that to seq 5, yes ssh works from outside.

I have a business partner sitting in US, he says that he is not able to ssh on port 22 (suspect an ISP issue) though it can be ssh'ed from other region. so i thought to change it to 2222 and test it. But now I am not able to ssh it from anywhere on port 2222

P.S- Do I need to put "login local" on line vty or TACACS authentication will work?