
How to create IPSEC tunnel just for remote SSH access (on Cisco IOS router)

PWJPW
Level 1

I have a simple requirement, but all guides out there are generally for passing certain client traffic over the tunnel rather than just for SSH access back in to the router.

 

What I want is to have an IPSEC VPN tunnel between a Cisco IOS router (IR829 with Cellular connection) and my third-party router at head office (Mikrotik) which supports IPSEC (we use for other stuff).

 

I do not need any outbound traffic from the Cisco router to flow over the VPN, I purely want to use it as a way to access SSH from my head office to the Cisco router.

 

SSH is configured on the Cisco router and working fine from the LAN.

 

I have the basic IPSEC commands set up on the Cisco router, but it's the routing and which interface to put it on etc.

 

Thanks!

 

James

1 Reply

Richard Burts
Hall of Fame

James

 

First, can we verify that you are talking about a simple IPsec site-to-site VPN, not a Remote Access VPN, or a GRE or VTI tunnel?

 

If this is the case, I believe that what you need to do is to configure an ACL for the crypto map that permits SSH traffic, configure a crypto map (and transform set and other needed crypto commands), and apply the crypto map to the outbound interface. This should recognize the SSH traffic and encrypt it over the VPN and pass all other traffic normally.

 

HTH

 

Rick
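
The approach described in the reply above, written out as an added example that is not part of the original posts: a crypto-map configuration whose crypto ACL matches only the router's SSH return traffic to head office, with the crypto map applied to the outbound (cellular) interface, so everything else leaves unencrypted as before. Every address, name and the interface `Cellular0` are constructed assumptions (documentation ranges stand in for the real peer and head-office subnet, `Loopback0` is assumed as the address SSH connects to), and the Mikrotik side must define the exact mirror of the crypto ACL.

```cisco
! Phase 1 (IKEv1). 203.0.113.10 = head-office public IP (constructed).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.10
!
! Phase 2 protection suite
crypto ipsec transform-set TS-SSH esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Address the head office will SSH to (assumed: a loopback on the router)
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Crypto ACL is written from this router's point of view:
! source = router, SSH server port 22; destination = head-office subnet.
! Only these replies are encrypted; no other traffic enters the tunnel.
ip access-list extended CRYPTO-SSH
 permit tcp host 10.255.0.1 eq 22 192.0.2.0 0.0.0.255
!
crypto map CM-HQ 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-SSH
 set pfs group14
 match address CRYPTO-SSH
!
! Apply on the interface the traffic to head office leaves through
! (the default route points here, so no extra routing is needed).
interface Cellular0
 crypto map CM-HQ
!
! The crypto map does not stop SSH from other sources arriving in the
! clear, so limit who may open a VTY session at all.
! 192.168.1.0/24 = local LAN (assumed), 192.0.2.0/24 = head office.
ip access-list standard VTY-MGMT
 permit 192.0.2.0 0.0.0.255
 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class VTY-MGMT in
 transport input ssh
```

Once a session has been attempted from head office, `show crypto isakmp sa` and `show crypto ipsec sa` show whether both phases came up and whether the encrypt and decrypt counters are increasing.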
