Solved

How to redirect ssh traffic on 2022 to port 22

Posted on 2006-07-19
15
1,188 Views
Last Modified: 2008-01-09
I need to redirect ssh on port 2022 from a public IP to an internal IP listening on port 22.  Currently, I have ssh setup for administration of the firewall.
0
Comment
Question by:cisco_2k2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
15 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142598
What kind of firewall, what kind of router?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142635
looks like yuou need to setup port forwarding.... what type of firewall is it ?

baiscall you need to NAT public IP : 2022 to internal ip : 22
0
 

Author Comment

by:cisco_2k2
ID: 17142645
The firewall is an ASA 5510
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142684
If you redirect ssh to an internal device on port 22, you will no longer be able to manage the firewall with ssh.  Does that matter?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142689

You will want to put a command similar to:

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

     also, if you have an existing access list you will need something like

access-list [number of acl] permit tcp any host [external ip] eq 2022
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142699
opps:"

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

should be

static (inside,outside) tcp [external IP] 2022 [internal ip] 22 netmask 255.255.255.255 0 0
0
 

Author Comment

by:cisco_2k2
ID: 17142830
Will I need to remove my existing ssh for the firewall administration to make this work?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142852
you really shouldn't... but lets see.

you already have port 22 (ssh) open for firewall adminsitartion from the internet correct ?

you want to to configure port 2022 to redirect to an internal box (linux?)  ssh.

so if yoiu connect to exteranl ip : 22  you hi the ASA  
if you connect to 2022 you hit the internal linux box.

if you redirected 22 to 22 then you would have problems, but you are using a alt. port for the other ssh.

make sense ?
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142911
Remove my stupid comment completely.  It should not cause any problems with the admin SSH.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17143653
Couple of modifications for Port Forward to work;

static (inside,outside) tcp interface 2022 [internal ip] 22 netmask 255.255.255.255 0 0

access-list [number of acl] permit tcp any host interface outside eq 2022

access-group [number of acl] in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:cisco_2k2
ID: 17151020
After entering the following:
access-list [number of acl] permit tcp any host interface outside eq 2022

I am getting an error for the "interface" part of the string.  This is an ASA 5510 device.
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17151253
did you try the external IP ?
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17151334
access-list [number of acl] permit tcp any interface outside eq 2022

Enter this and see ? I mean, omit the host part.

Cheers,
Rajesh
0
 

Author Comment

by:cisco_2k2
ID: 17151463
That worked. Thanks!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17151467
No Problemo :-)

Cheers,
Rajesh
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month5 days, 20 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question