ssh question
03-23-2008 11:52 AM - edited 03-07-2019 12:27 AM
Hello,
I need to access a Linux server that sits behind an 871w router. I can ssh to the router from the server but cannot ssh to the router or server from the outside. Any idea where to start?
Thank you,
John
03-23-2008 12:01 PM
You can start by posting the router config.
__
Edison.
03-23-2008 01:02 PM
I uploaded the config. The ip address of the server I need to ssh to is 10.0.1.99.
Thanks for your response,
John
03-23-2008 01:58 PM
ip nat inside source static tcp 10.0.1.10 22 interface FastEthernet4 22
Now from the outside, anyone connecting to the router FastEthernet 4
interface IP on port 22 will be redirected to the Linux server, assuming
that host 10.0.1.10 is the IP address of the Linux server.
03-23-2008 05:10 PM
I added the nat route but still no connection from the outside. Attached is my current running config. Am I missing something? My server IP is 10.0.1.99.
Thank you,
John
03-23-2008 05:19 PM
Please modify your ACL as such:
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
permit tcp any any eq 22 log
deny ip any any log
That will allow ssh access from the outside.
CCIE Security
03-23-2008 05:55 PM
Made the changes and I can now ssh from the outside. Did I need the ip nat inside source static tcp 10.0.1.10 22 interface FastEthernet4 22 line added to the config? Thank you so much for your help!
John
03-23-2008 06:18 PM
You need both:
ip nat inside source static tcp 10.0.1.10 22 interface FastEthernet4 22
permit tcp any any eq 22 log
You can even ssh into your Linux box on whatever port you specified
if you want to preserve tcp port 22 to ssh into your router from the
outside. For example, you can do this:
ip nat inside source static tcp 10.0.1.99 22 interface FastEthernet4 24
ip access-list extended Internet-inbound-ACL
permit tcp any any eq 24 log
permit tcp any any eq 22 log
deny ip any any log
Now you can ssh into your router on tcp port 22 and your Linux server
on tcp port 24. Putty, Teraterm or SecureCRT can do it rather easily.
CCIE Security
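Added example, not part of any post in this thread: a Python check of the point made in the last reply, that a port forward works only when the static NAT entry has a matching permit in the inbound ACL, and that the permit must sit above any deny that covers it. The config text, the port 8080 forward and the function names are constructed for illustration, and only `any any` entries with an optional `eq <port>` are understood.

```python
# Added example: audits a simplified IOS-style config. Only "any any" ACL
# entries with an optional "eq <port>" are understood (an assumption).
import re

# Constructed sample modelled on the lines quoted in this thread.
SAMPLE = """\
ip nat inside source static tcp 10.0.1.99 22 interface FastEthernet4 24
ip nat inside source static tcp 10.0.1.99 80 interface FastEthernet4 8080
ip access-list extended Internet-inbound-ACL
 permit icmp any any echo
 permit tcp any any eq 24 log
 permit tcp any any eq 22 log
 deny ip any any log
"""
# Same rules with a deny placed first: it shadows every permit below it.
SHADOWED = SAMPLE.replace(" permit icmp any any echo\n",
                          " deny ip any any log\n permit icmp any any echo\n")

NAT_RE = re.compile(
    r"ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")

def parse(config):
    """Return (forwards, aces): forwards are (inside_ip, inside_port,
    outside_port); aces are (action, proto, dest_port or None) in order."""
    forwards, aces = [], []
    for line in map(str.strip, config.splitlines()):
        tok = line.split()
        if m := NAT_RE.match(line):
            forwards.append((m[1], int(m[2]), int(m[3])))
        elif tok and tok[0] in ("permit", "deny"):
            port = int(tok[5]) if tok[4:5] == ["eq"] and tok[5].isdigit() else None
            aces.append((tok[0], tok[1], port))
    return forwards, aces

def verdict(aces, dport):
    """First-match result for an inbound TCP packet to dport."""
    for seq, (action, proto, port) in enumerate(aces, 1):
        if proto == "ip" or (proto == "tcp" and port in (None, dport)):
            return action, seq
    return "deny", None  # implicit deny ends every ACL

def audit(config):
    """Map each forwarded outside port to (action, matching entry number)."""
    forwards, aces = parse(config)
    return {out: verdict(aces, out) for _, _, out in forwards}

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE), ("shadowed", SHADOWED)):
        print(name, audit(cfg))
```

The ACL is checked against the outside port (24 here), since an inbound access list on the outside interface is evaluated before the NAT translation.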
