
SSH connection over VPN

NielsvdBerghe
Level 1

Hi,

In order to remotely connect to my Cisco router, I've configured WebVPN, from where I want to connect with an SSH tunnel. The problem is that this doesn't quite seem to work. I can connect to the WebVPN just fine, but from there, I can't seem to use SSH to connect to my router. Locally, I'm able to connect.

I've established a few things that might be the problem:

When I use ipconfig in my command prompt, there doesn't seem to be a default gateway for the VPN interface. I don't know if it's supposed to be like this or how to change it.

I've configured an ACL that blocks the port used for SSH on the WAN interface, so that not just anyone can try to connect using SSH.

I think it might be one of these two things, but I might be completely wrong. So if anyone could help me out, that would be awesome.

Thanks!

Edit:

I've also noticed that I can't ping the router over the VPN connection.

1 Reply 1

Andrew Phirsov
Level 7

If you're talking about WebVPN, there's no full tunnel between your PC and the network you're trying to connect to. The WebVPN server (i.e. your Cisco router) works just like a proxy for incoming connections. So in order to connect to something using SSH with WebVPN you have two options: smart-tunnel, which will intercept all SSH traffic from your management PC and send it through the SSL channel, where the WebVPN server acts as a proxy, or use the ssh-plugin.

When I use ipconfig in my command prompt, there doesn't seem to be a default gateway for the VPN interface. I don't know if it's supposed to be like this or how to change it.

Your gateway shouldn't change, because it's not a full tunnel.

Plus, with WebVPN you should check that the SSH server you're trying to connect to allows SSH connections from the inside IP of the WebVPN gateway, because all the connections will be initiated from this IP.
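
The last point in the reply, sketched as an IOS configuration fragment (an added example, not part of the original thread or either poster's configuration): the vty lines accept SSH only from the WebVPN gateway's inside address and the local LAN. ACL number 10 and the 10.0.0.x addresses are constructed placeholders; substitute the real inside interface address and subnet.

```cisco
! Added example. All addresses and the ACL number are constructed placeholders.
!   10.0.0.1     = inside (LAN) address of the WebVPN gateway (assumed)
!   10.0.0.0/24  = inside LAN used for local management (assumed)
!
! Proxied WebVPN sessions reach the SSH server with the gateway's inside
! address as their source, not the remote PC's address, so that is the
! address the vty access list has to permit.
access-list 10 remark SSH proxied by WebVPN arrives from the gateway inside IP
access-list 10 permit host 10.0.0.1
access-list 10 remark local management hosts on the inside LAN
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 4
 transport input ssh
 access-class 10 in
!
! The host entry overlaps the subnet entry on purpose: listed first, it gets
! its own hit counter, which shows whether proxied sessions really arrive
! from the gateway address.
!
! Verification after a connection attempt through WebVPN:
!   show access-lists 10    per-entry match counters
!   show users              source address of each active vty session
!   show ssh                active SSH sessions
```

The ACL on the WAN interface that blocks the SSH port can stay in place, since by the reply's description the proxied connection is initiated from the inside address rather than arriving on the WAN side.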