Solved

Cisco 881 SSH access from outside

Posted on 2012-03-18
Last Modified: 2012-04-07
Hello,

We are using a Cisco 881 and would like to allow SSH to the router from outside (any source)

Currently we have a NAT inside and outside.

Please help with this. Router is running the latest firmware of 15.x I believe.

Thanks
0
Question by:masdf123
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 37736430
Hi,

You need:

int loop 1
 ip add 1.1.1.1 255.255.255.255
 ip nat inside
ip nat inside source static tcp 1.1.1.1 22 x.x.x.x 22

where x.x.x.x is the public IP of the router!

Best regards,
Istvan
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737102
Once you enable SSH on the router, it is open from all sources by default. Outside access requires no further configuration unless you are using access lists or the zone based firewall to control traffic coming in from outside sources. If this is the case, you need to make sure that traffic to the router's public IP with destination port 22/tcp is permitted in the outside interface's access list (if you're just using access lists) or to the "self" zone (if you're using the zone based firewall.)
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737403
jodylemoine, could you guide me with the SSH enabling lines as well?

Thanks
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737428
Sure.

From global configuration mode (conf t) do the following:

Set the hostname and domain names if you haven't already with:

hostname xxx
ip domain-name domain.com

Generate the encryption keys for ssh:

crypto key generate rsa modulus 2048

Set the default ssh version to 2.0:

ip ssh version 2

Write the configuration and you should be good to go.
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737475
And if there are ACLs on the outside interface, I should just allow port 22 in, correct?
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 37737534
Correct.  If you're not using the zone-based firewall or context-based access control, you'll want to make sure that your ACL permits return traffic too or you'll lose Internet access.  I recommend zone-based firewall or context-based access control, but the following will work in a pinch:

ip access-list extended InternetIn
 permit tcp any any established
 permit udp any any
 permit icmp any any
 permit tcp any any eq 22
0
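
A tighter variant of the configuration discussed in this thread, as an added example that is not part of any poster's answer: SSH stays reachable from any source, but only to the router's own address, and the exposed login is rate-limited. It assumes a static public address 203.0.113.1 (constructed), FastEthernet4 as the outside interface, a hypothetical local user netadmin, and that inside hosts need only DNS and NTP replies over UDP.

```cisco
! Added example. Constructed values: 203.0.113.1 (router public IP),
! FastEthernet4 (outside interface), user "netadmin", placeholder secret.
!
! Local account and SSH-only vty lines (assumed not yet configured)
username netadmin privilege 15 secret CHANGE-ME-PLACEHOLDER
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 0
!
! Slow down password guessing against the exposed port
ip ssh time-out 60
ip ssh authentication-retries 3
login block-for 120 attempts 5 within 60
login on-failure log
!
! Inbound ACL: same intent as the thread's InternetIn, narrower matches
ip access-list extended InternetIn
 remark Return traffic for TCP sessions opened from inside
 permit tcp any any established
 remark DNS and NTP replies only, instead of "permit udp any any"
 remark (other UDP services used from inside need their own entries)
 permit udp any eq domain any
 permit udp any eq ntp any
 remark ICMP needed for ping replies, traceroute and path MTU discovery
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 remark SSH to the router's own address only, not to every destination
 permit tcp any host 203.0.113.1 eq 22
 deny ip any any log
!
interface FastEthernet4
 ip access-group InternetIn in
```

`show ip ssh` confirms the SSH version and timeouts, and `show access-lists InternetIn` shows per-entry hit counts, including the logged denies.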
