Solved

Cisco 881 SSH access from outside

Posted on 2012-03-18
6
1,978 Views
Last Modified: 2012-04-07
Hello,

We are using a Cisco 881 and would like to allow SSH to the router from outside (any source)

Currently we have a NAT inside and outside.

Please help with this. Router is running the latest firmware of 15.x I believe.

Thanks
0
Comment
Question by:masdf123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 37736430
Hi,


you need:

int loop 1
 ip add 1.1.1.1 255.255.255.25
 ip nat inside
ip nat inside source static tcp 1.1.1.1 22 x.x.x.x 22

where x.x.x.x the public ip of the router!

Best regards,
Istvan
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737102
Once you enable SSH on the router, it it open from all sources by default. Outside access requires no further configuration unless you are using access lists or the zone based firewall to control traffic coming in from outside sources. If this is the case, you need to make sure that traffic to the router's public IP with destination port 22/tcp is permitted in the outside interface's access list (if you're just using access lists) or to the "self" zone (if you're using the zone based firewall.)
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737403
jodylemoine, Could you guide me with the SSH enabling lines as well.

Thanks
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 37737428
Sure.

From global configuration mode (conf t) do the following:

Set the hostname and domain names if you haven't already with:

hostname xxx
ip domain-name domain.com

Generate the encryption keys for ssh:

crypto key generate rsa modulus 2048

Set the default ssh version to 2.0:

ip ssh version 2

Write the configuration and you should be good to go.
0
 
LVL 1

Author Comment

by:masdf123
ID: 37737475
And if there are ACLs on the outside interface, I should just allow port 22 in, correct?
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 37737534
Correct.  If you're not using the zone-based firewall or context-based access control, you'll want to make sure that your ACL permits return traffic too or you'll lose Internet access.  I recommend zone-based firewall or context-based access control, but the following will work in a pinch:

ip access-list extended InternetIn
 permit tcp any any established
 permit udp any any
 permit icmp any any
 permit tcp any any eq 22
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question