Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1341
Views
0
Helpful
1
Replies

LAN to LAN VPN and SSH port forwarding

giovannitorres
Level 1
Level 1

‎01-24-2012 01:20 AM

Hello All,

I was wondering if someone can help me with the following: I would like to be able to do SSH port forwarding from outside to an IP address inside. Normally, this is very straighforward. The problem now is that if I do so, then the LAN to LAN VPN stops working!

Here are the details:

There is a LAN to LAN VPN working flawlesly (so far) between an ASA 5505 and a Cisco 861 Integrated Router. However, I would like also, to give SSH access to an IP address behind the Cisco router. The moment I do this the VPN breaks!

I attached the Cisco 861 router configuration, where the problem shows. The ASA has public IP X.X.X.105 and the router has X.X.X.105. These two are used for the VPN tunnel. The internal network in the ASA is 10.115.16.0/24 and 192.168.10.0/24 in the router. These talk to each other using the tunnelt.

But, the moment I try to forward port 22 in the router from X.X.X.107 to 192.168.10.30 the VPN breaks! I do that with the following line:

ip nat inside source static tcp 192.168.10.30 22 X.X.X.107 22

Obviously, something is eluding me. The configuration is rather short and simple. But, I'm a newbie with Cisco rotuer configuration. Note that the tunnel stays up after I use the natting entry and I can talk from the router to the ASA, but not the other way around!

The router is Cisco 861 with IOS version 15.0(1)M7.

What could be the problem?

Thanks!

Giovanni

Labels:
121165-c861-anon.cfg.zip
0 Helpful
1 Reply 1
Customers Also Viewed These Support Documents