static nat on port 22 (ssh)

Koblensky
Level 1

Hi all,

I would like to set a non-standard ssh port with the following cmd:

1) ip nat inside source static tcp 192.168.1.45 22 MY.PUBLIC.IP.3 12345 extendable

but it doesn't seem to work. If I do

2) ip nat inside source static tcp 192.168.1.45 789 MY.PUBLIC.IP.3 12345 extendable

or:

3) ip nat inside source static tcp 192.168.1.45 12345 MY.PUBLIC.IP.3 12345 extendable

it works!

In all the above cases I'm making sure that there is an ssh server running on ports 22, 789 and 12345 and that there is the corresponding firewall rule to let the traffic pass through.

Does port 22 require some additional configuration?

thanks,

kky

6 Replies

Koblensky
Level 1

It seems that if the router has an ssh service, it doesn't allow setting NAT on ssh. I've resolved it by setting up a DMZ ssh server on a non-standard port.

Let me know if you have a different experience,

thanks!!

Hello,

I am experiencing the same behavior, did you find a solution?

Thanks

Hello,

try and map ssh to a different port, e.g. (in global config mode):

ip port-map ssh port 12345

then try the NAT statement again...

Thank you Georg Pauwen,

I have tried the ip port-map command but it just adds a new rule, it doesn't
override the default system-defined port. I have something like:

```bash
Default mapping: ssh tcp port 22 system defined
Default mapping: ssh udp port 22 system defined
Host specific: ssh tcp port 22 in list 15 user defined
```

I think this command would resolve my needs, but what is the right way to
use it so the following nat directs all ssh traffic to my server instead of
CISCO?

```bash
ip nat inside source static tcp 10.10.100.121 22 interface GigabitEthernet0 22
```

Regards

Hi,

Can you define what is your configuration and what you want to achieve that's not working? "ip port-map" is not used for NAT. You can, if you want, remove the default port-mappings for a protocol and add your own: first remove the default mapping via "no ip port-map ssh" and add your custom ones via "ip port-map ssh port xyz".

Regards,

Cristian Matei.

Thank you Cristian, I will give it a try.

I have a server with a couple of applications running on it, and it is
exposed to the internet with ip nat inside commands. But, for instance, I cannot
use the default ssh port for gitlab; I had to change it to a custom port, and I
would like to use the default 22 so new users can easily connect.

Regards