How to redirect ssh traffic on 2022 to port 22

I need to redirect ssh on port 2022 from a public IP to an internal IP listening on port 22. Currently, I have ssh set up for administration of the firewall.
cisco_2k2 Asked:
 
rsivanandan Commented:
access-list [number of acl] permit tcp any interface outside eq 2022

Enter this and see? I mean, omit the host part.

Cheers,
Rajesh
0
 
Rick Hobbs RETIRED Commented:
What kind of firewall, what kind of router?
0
 
Dbergert Commented:
Looks like you need to set up port forwarding... What type of firewall is it?

Basically you need to NAT public IP:2022 to internal IP:22
0
 
cisco_2k2 Author Commented:
The firewall is an ASA 5510
0
 
Rick Hobbs RETIRED Commented:
If you redirect ssh to an internal device on port 22, you will no longer be able to manage the firewall with ssh. Does that matter?
0
 
Dbergert Commented:
You will want to put a command similar to:

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

Also, if you have an existing access list you will need something like

access-list [number of acl] permit tcp any host [external ip] eq 2022
0
 
Dbergert Commented:
Oops:

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

should be

static (inside,outside) tcp [external IP] 2022 [internal ip] 22 netmask 255.255.255.255 0 0
0
 
cisco_2k2 Author Commented:
Will I need to remove my existing ssh for the firewall administration to make this work?
0
 
Dbergert Commented:
You really shouldn't... but let's see.

You already have port 22 (ssh) open for firewall administration from the internet, correct?

You want to configure port 2022 to redirect to an internal box (linux?) ssh.

So if you connect to external IP:22 you hit the ASA.
If you connect to 2022 you hit the internal linux box.

If you redirected 22 to 22 then you would have problems, but you are using an alt. port for the other ssh.

Make sense?
0
 
Rick Hobbs RETIRED Commented:
Remove my stupid comment completely. It should not cause any problems with the admin SSH.
0
 
rsivanandan Commented:
A couple of modifications for Port Forward to work:

static (inside,outside) tcp interface 2022 [internal ip] 22 netmask 255.255.255.255 0 0

access-list [number of acl] permit tcp any host interface outside eq 2022

access-group [number of acl] in interface outside

Cheers,
Rajesh
0
 
cisco_2k2 Author Commented:
After entering the following:
access-list [number of acl] permit tcp any host interface outside eq 2022

I am getting an error for the "interface" part of the string. This is an ASA 5510 device.
0
 
Dbergert Commented:
Did you try the external IP?
0
 
cisco_2k2 Author Commented:
That worked. Thanks!
0
 
rsivanandan Commented:
No Problemo :-)

Cheers,
Rajesh
0
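
Added example, not part of the thread or written by any of its participants: a small Python check that reads a configuration in the static/access-list/access-group syntax used above and reports, for each port forward, which sources the inbound ACL actually admits. The addresses, the ACL number 101, and the names `audit` and `port` are assumptions made for the example.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in this thread.
# Addresses and the ACL number are placeholders, not values from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 2022 10.0.0.5 22 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 8443 10.0.0.6 443 netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 203.0.113.10 eq 2022
access-list 101 permit tcp host 198.51.100.7 host 203.0.113.10 eq 8443
access-group 101 in interface outside
"""

STATIC_RE = re.compile(r"^static \([^,\s]+,([^)\s]+)\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
NAMED_PORTS = {"ssh": 22, "www": 80, "https": 443}  # names the ASA prints for ports

def port(tok):
    """Normalise a port token; unknown names are returned unchanged."""
    return int(tok) if tok.isdigit() else NAMED_PORTS.get(tok, tok)

def audit(config):
    """For each static PAT rule, report which sources the inbound ACL lets in."""
    statics, acls, bound = [], [], {}
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append(m.groups())      # (mapped_if, ext_ip, ext_port, int_ip, int_port)
        elif m := ACL_RE.match(line):
            acls.append(m.groups())         # (acl, source, dst_ip, dst_port)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL applied inbound
    findings = []
    for mapped_if, ext_ip, ext_port, int_ip, int_port in statics:
        # "interface" form: the outside address is not on the line, match on port only
        sources = [src for name, src, dip, dport in acls
                   if name == bound.get(mapped_if)
                   and (dip == ext_ip or ext_ip == "interface")
                   and port(dport) == port(ext_port)]
        status = ("unreachable" if not sources
                  else "open-to-any" if "any" in sources else "restricted")
        findings.append({"external": f"{ext_ip}:{port(ext_port)}",
                         "internal": f"{int_ip}:{port(int_port)}",
                         "status": status, "sources": sources})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f)
```

A status of open-to-any on a forward to internal port 22 means the internal SSH service accepts connections from every source that can reach the outside address; replacing `any` in the ACL with the administrators' source addresses changes it to restricted.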