02-01-2017 11:58 AM - edited 03-08-2019 09:08 AM
I have the following setup:
Comcast (Arris) Cable Modem >> Linksys E3000 wi-fi router >> Cisco IR 809
I am trying to enable remote SSH for public IP to the IR809 using port-forwarding on the E3000. Is there a special setup needed on the 809 to accept packets originating from outside the network?
I am able to ssh to the 809 from within my home network. Has anyone done something similar before - any pointers you can share?
thanks in advance!.
Solved! Go to Solution.
02-01-2017 12:58 PM
Here are some info on the general SSH-setup: Guide to better SSH-Security
Your problem could be related to a wrong NAT-config on the 809 router. Can you share the NAT-config?
02-01-2017 12:11 PM
Hi,
Are you mapping the tcp 22 port? could you please share any screenshot?
Regards.
02-01-2017 02:11 PM
02-01-2017 02:17 PM
thanks, try to put the internal port as 22 instead 7890.
Regards.
02-01-2017 02:26 PM
Thanks, I had the internal port as 22 before and just changed it on the 809 to make it 7890 - as per SSH setup link in this thread. It did not work when I had both external and internal port as 22.
02-01-2017 02:33 PM
Thanks, Your config looks fine, I'm not sure if you are using any access group on the Cisco IR 809 or the ssh access is allowed for everything?.
02-01-2017 12:58 PM
Here are some info on the general SSH-setup: Guide to better SSH-Security
Your problem could be related to a wrong NAT-config on the 809 router. Can you share the NAT-config?
02-01-2017 02:14 PM
Thank you Karsten, I did read the SSH post and followed your advice of running ssh on a different port than the standard.
I currently don't have any NAT config on the 809. My port forwarding is on the Linksys router, which seems to be working when the SSH request originates from the internal network.
I will look at references for the NAT config and try it next.
02-01-2017 02:38 PM
Turned out to be a NAT setup on the 809 - I had to enable outbound internet connectivity from my 809 (reference https://networklessons.com/cisco/ccie-routing-switching/cisco-ios-nat-port-forwarding/)
ip route 0.0.0.0 0.0.0.0 192.168.12.2
02-01-2017 02:43 PM
ok, but that's not NAT. That's pure IP routing ... ;-)
02-01-2017 02:42 PM
Ok, then it's obviously not a wrong NAT-config on the 809.
Try the following:
(I assume that the 809 can communicate to the internet through the Linksys router)
Connect your PC to the port where the Linksys is connected and give your PC the IP of the Linksys. Then try to connect to the 809 with SSH. If it works here, it's likely that the problem is related to the Port-Forwarding on the Linksys. If it doesn't work, there is at least also a problem on the 809.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide