cisco_2k2
asked on
How to redirect ssh traffic on 2022 to port 22
I need to redirect ssh on port 2022 from a public IP to an internal IP listening on port 22. Currently, I have ssh set up for administration of the firewall.
What kind of firewall, what kind of router?
Looks like you need to set up port forwarding... what type of firewall is it?
Basically you need to NAT public IP:2022 to internal IP:22
ASKER
The firewall is an ASA 5510
If you redirect ssh to an internal device on port 22, you will no longer be able to manage the firewall with ssh. Does that matter?
You will want to put a command similar to:
static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0
also, if you have an existing access list you will need something like
access-list [number of acl] permit tcp any host [external ip] eq 2022
Oops:
static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0
should be
static (inside,outside) tcp [external IP] 2022 [internal ip] 22 netmask 255.255.255.255 0 0
ASKER
Will I need to remove my existing ssh for the firewall administration to make this work?
You really shouldn't... but let's see.
You already have port 22 (ssh) open for firewall administration from the internet, correct?
You want to configure port 2022 to redirect to an internal box (Linux?) ssh.
So if you connect to external IP:22 you hit the ASA.
If you connect to 2022 you hit the internal Linux box.
If you redirected 22 to 22 then you would have problems, but you are using an alt. port for the other ssh.
Make sense?
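Once the static and access-list lines are in, a quick way to confirm the split described above (22 answers as the ASA, 2022 answers as the Linux box) is to read the SSH version banner each port returns before any authentication happens. This is an added example, not from the thread; the address 203.0.113.10 and the banner strings are constructed samples, and the "Cisco" banner text is assumed to be typical of an ASA.

```python
import socket

# Constructed sample banners (not captured from the asker's devices). An ASA is assumed
# to identify itself with "Cisco" in its SSH version string; a Linux box usually runs OpenSSH.
SAMPLE_BANNERS = {
    ("203.0.113.10", 22): "SSH-2.0-Cisco-1.25\r\n",
    ("203.0.113.10", 2022): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
}


def classify_banner(banner):
    """Map an SSH identification string to the kind of device that most likely sent it."""
    b = banner.strip()
    if not b.startswith("SSH-"):
        return "not-ssh"
    if "Cisco" in b:
        return "asa"
    if "OpenSSH" in b:
        return "openssh"
    return "unknown"


def read_banner(host, port, timeout=5.0):
    """Connect and read the identification line the SSH server sends first (RFC 4253)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(1)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace")


def check_forwarding(external_ip, fetch=read_banner):
    """Expect external_ip:22 to be answered by the ASA and external_ip:2022 by the
    internal OpenSSH host. `fetch` is injectable so the logic runs offline on samples.
    Returns {port: (device_kind, matches_expectation)}."""
    results = {}
    for port, expected in ((22, "asa"), (2022, "openssh")):
        try:
            kind = classify_banner(fetch(external_ip, port))
        except OSError as exc:
            kind = "unreachable: %s" % exc
        results[port] = (kind, kind == expected)
    return results


def sample_fetch(host, port):
    """Offline stand-in for read_banner using the constructed banners above."""
    return SAMPLE_BANNERS[(host, port)]
```

Run it with `check_forwarding("203.0.113.10")` against the real external address; a `False` on 2022 with kind "asa" means the static translation is not being applied and the ASA itself is still answering that port.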
Remove my stupid comment completely. It should not cause any problems with the admin SSH.
Couple of modifications for the port forward to work:
static (inside,outside) tcp interface 2022 [internal ip] 22 netmask 255.255.255.255 0 0
access-list [number of acl] permit tcp any host interface outside eq 2022
access-group [number of acl] in interface outside
Cheers,
Rajesh
ASKER
After entering the following:
access-list [number of acl] permit tcp any host interface outside eq 2022
I am getting an error for the "interface" part of the string. This is an ASA 5510 device.
did you try the external IP ?
ASKER CERTIFIED SOLUTION
ASKER
That worked. Thanks!
No Problemo :-)
Cheers,
Rajesh