Solved

Cisco 881 SSH access from outside

Posted on 2012-03-18
Last Modified: 2012-04-07
Hello,

We are using a Cisco 881 and would like to allow SSH to the router from outside (any source)

Currently we have a NAT inside and outside.

Please help with this. Router is running the latest firmware of 15.x I believe.

Thanks
Question by:masdf123
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 37736430
Hi,


you need:

int loop 1
 ip add 1.1.1.1 255.255.255.255
 ip nat inside
ip nat inside source static tcp 1.1.1.1 22 x.x.x.x 22

where x.x.x.x is the public IP of the router!

Best regards,
Istvan
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737102
Once you enable SSH on the router, it is open from all sources by default. Outside access requires no further configuration unless you are using access lists or the zone-based firewall to control traffic coming in from outside sources. If this is the case, you need to make sure that traffic to the router's public IP with destination port 22/tcp is permitted in the outside interface's access list (if you're just using access lists) or to the "self" zone (if you're using the zone-based firewall).
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737403
jodylemoine, could you guide me with the SSH enabling lines as well?

Thanks
0

 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737428
Sure.

From global configuration mode (conf t) do the following:

Set the hostname and domain names if you haven't already with:

hostname xxx
ip domain-name domain.com

Generate the encryption keys for ssh:

crypto key generate rsa modulus 2048

Set the default ssh version to 2.0:

ip ssh version 2

Write the configuration and you should be good to go.
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737475
And if there are ACLs on the outside interface, I should just allow port 22 in, correct?
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 37737534
Correct.  If you're not using the zone-based firewall or context-based access control, you'll want to make sure that your ACL permits return traffic too or you'll lose Internet access.  I recommend zone-based firewall or context-based access control, but the following will work in a pinch:

ip access-list extended InternetIn
 permit tcp any any established
 permit udp any any
 permit icmp any any
 permit tcp any any eq 22
0
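
As an added example (not part of the original thread and not any poster's code): a small Python check over a saved running-config that confirms the SSH prerequisites and ACL entries named in the answers above and lists ACL entries that admit more than SSH access needs. The sample config, its hostname, and the function names `parse_acl` and `audit` are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); the hostname is
# made up, the ACL name and entries mirror the accepted answer.
SAMPLE_CONFIG = """\
hostname edge881
ip domain-name domain.com
ip ssh version 2
ip access-list extended InternetIn
 permit tcp any any established
 permit udp any any
 permit icmp any any
 permit tcp any any eq 22
"""

REQUIRED = [  # global settings named in the SSH-enabling answer
    ("hostname", r"^hostname \S+"),
    ("ip domain-name", r"^ip domain-name \S+"),
    ("ip ssh version 2", r"^ip ssh version 2\s*$"),
]

def parse_acl(config, name):
    """Return the entries of one named extended ACL, in order."""
    entries, inside = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif inside and line.startswith(" "):
            entries.append(line.strip())
        else:
            inside = False
    return entries

def audit(config, acl_name="InternetIn"):
    """List missing SSH prerequisites and ACL entries worth reviewing."""
    findings = [f"MISSING: {label}" for label, pat in REQUIRED
                if not re.search(pat, config, re.M)]
    acl = parse_acl(config, acl_name)
    if not any(re.fullmatch(r"permit tcp any (any|host \S+) eq (22|ssh)", e) for e in acl):
        findings.append("MISSING: inbound permit for tcp/22")
    if "permit tcp any any established" not in acl:
        findings.append("MISSING: return traffic (tcp established)")
    # Entries with no port or host qualifier admit far more than SSH needs.
    findings += [f"REVIEW: broad entry '{e}'" for e in acl
                 if re.fullmatch(r"permit (ip|tcp|udp|icmp) any any", e)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the sample, it reports the two unqualified `permit udp any any` and `permit icmp any any` entries for review and no missing items.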


Question has a verified solution.
