Can not access via ssh from subnet

cisco-pisco
Level 1

Hello guys!

I've a Cisco 2921 and a little trouble with it:

The LAN interface was configured to work with the 192.168.1.0/24 subnet.

After all IPs ran out we had to change the subnet to 192.168.0.0/23.

Running config:

LAN interface
interface GigabitEthernet0/0
 description Local network
 ip address 192.168.1.1 255.255.254.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map LAN
 duplex auto
 speed auto

SSH
line vty 0 4
 access-class 1 in
 password XXXXXXXXXX
 transport input ssh

Access list for SSH
access-list 1 permit 192.168.0.0 0.0.1.255

Trouble:

Cannot connect to 192.168.1.1:22 (Cisco's IP) via SSH from 192.168.1.x

Port 22 is filtered (nmap) even if I remove access-class 1 in

But I can establish a connection from 192.168.0.x
I can't understand what is wrong :(
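
Added example, not part of the original post or any reply: a small Python evaluator for numbered standard ACL entries, run against `access-list 1` as posted, to check which source addresses the vty `access-class` admits. The host addresses tested and all function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed excerpt: only the lines from the post that matter for the check.
CONFIG = """\
line vty 0 4
 access-class 1 in
access-list 1 permit 192.168.0.0 0.0.1.255
"""
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")

def parse_source(spec):
    """Return (base, wildcard) ints for 'any', 'host A', 'A' or 'A W'."""
    parts = [p for p in spec.split() if p != "log"]
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    if parts[0] == "host":
        parts = parts[1:]
    base = int(ipaddress.IPv4Address(parts[0]))
    wildcard = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    return base, wildcard

def parse_acl(config, number):
    """Collect (action, base, wildcard) for one numbered standard ACL, in order."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and int(m.group(1)) == number:
            entries.append((m.group(2), *parse_source(m.group(3))))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = int(ipaddress.IPv4Address(source))
    for action, base, wildcard in entries:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def denied_in_subnet(entries, ip, mask):
    """Addresses of the interface's own subnet that the ACL would reject."""
    net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    return [str(a) for a in net if evaluate(entries, str(a)) != "permit"]

if __name__ == "__main__":
    acl = parse_acl(CONFIG, 1)
    for src in ("192.168.0.25", "192.168.1.25", "192.168.2.25"):  # constructed hosts
        print(src, evaluate(acl, src))
    print("denied inside the /23:", denied_in_subnet(acl, "192.168.1.1", "255.255.254.0"))
```

With the posted entry, sources in both 192.168.0.x and 192.168.1.x evaluate to permit and no address of the /23 is rejected, so the wildcard mask already covers the resized subnet.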

5 Replies

Hi

What is the output of "show ip ssh"?

SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa XXXXXX

I can't see anything wrong with the configuration you have provided.

Hello,

Can you post full config related to SSH? Do you have domain name configured on the router?

Also, try to clear and regenerate RSA key.

 

Thx

MS

schaef350
Level 1

I believe you have to use a username/password to use SSH. The password directly on the line will not work with SSH.

Do a #show ip sockets

and see if the device is listening on the port as another troubleshooting step.

My template config to configure remote access looks like this just to compare:

username admin privilege 15 secret <password>

aaa new-model
aaa authentication login VTY_LOGIN local group radius
aaa authorization exec VTY_AUTHO local group radius

ip domain-name <domain name>

hostname <hostname>

crypto key generate ....

ip ssh version 2

line vty 0 4
 authorization exec VTY_AUTHO
 login authentication VTY_LOGIN
 transport input ssh

 

Be sure to rate helpful posts! :-)
