Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1221
Views
5
Helpful
2
Replies

ZBF-Cellular Interface-SSH

Go to solution
Cisco4Life
Level 1
Level 1

‎05-17-2017 12:55 PM - edited ‎03-05-2019 08:33 AM

Greetings Board..

I am having a time here ssh into a router which has dual internet interfaces.  It has dialer0 and an cellular interface.  the dialer is primary and I am able to ssh into the router, but if I try to ssh in via the cellular interface, then nothing.  I was thinking along the lines of asymmetrical routing.  Here is a snippet of the debugs i ran.

"May 17 19:00:38.354: FIBipv4-packet-proc: route packet from (local) src a.a.a.a dst b.b.b.b
May 17 19:00:38.354: FIBfwd-proc: packet routed by adj to Dialer0 0.0.0.0
May 17 19:00:38.354: FIBipv4-packet-proc: packet routing succeeded
May 17 19:00:38.354: IP: s=a.a.a.a (local), d=b.b.b.b (Dialer0), len 44, sending
May 17 19:00:38.354: TCP src=22, dst=62743, seq=2150869026, ack=1172504257, win=4128 ACK SYN
May 17 19:00:38.354: IP: s=a.a.a.a (local), d=b.b.b.b (Dialer0), len 44, output feature
May 17 19:00:38.354: TCP src=22, dst=62743, seq=2150869026, ack=1172504257, win=4128 ACK SYN, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE"

I have also included a sanitized config.  Any help would be appreciated and points in the right direction.

Thanks

Frank

Labels:
Preview file
21 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Spooster IT Services
Level 7
Level 7

‎05-18-2017 02:46 PM

Hi Frank Durham,

You can only SSH to Dialer or Cellular which is acting as primary circuit beacuse many ISP's will not allow the traffic that has source IP which is not belonging to their CIDR. When you are trying to SSH to cellular interace IP, router route the reply through Dialer (as default route is pointing towards Dialer) and ISP is droping that traffic (with source IP of Cellular interface IP) as the Source IP is not belonging to their CIDR. 

To make it work it work you either to define static route towards cellular from where you are trying to SSH to cellular interface IP.

If this is helpful please rate

Spooster IT Services Team

View solution in original post

2 Replies 2

Go to solution
Spooster IT Services
Level 7
Level 7

‎05-18-2017 02:46 PM

Hi Frank Durham,

You can only SSH to Dialer or Cellular which is acting as primary circuit beacuse many ISP's will not allow the traffic that has source IP which is not belonging to their CIDR. When you are trying to SSH to cellular interace IP, router route the reply through Dialer (as default route is pointing towards Dialer) and ISP is droping that traffic (with source IP of Cellular interface IP) as the Source IP is not belonging to their CIDR. 

To make it work it work you either to define static route towards cellular from where you are trying to SSH to cellular interface IP.

If this is helpful please rate

Spooster IT Services Team

Go to solution
Cisco4Life
Level 1
Level 1

‎05-18-2017 07:21 PM

Thank you.. makes perfect sense...  

0 Helpful
Customers Also Viewed These Support Documents