masdf123
asked on
Cisco 881 SSH access from outside
Hello,
We are using a Cisco 881 and would like to allow SSH to the router from outside (any source).
Currently we have a NAT inside and outside.
Please help with this. Router is running the latest firmware of 15.x I believe.
Thanks
Once you enable SSH on the router, it is open from all sources by default. Outside access requires no further configuration unless you are using access lists or the zone based firewall to control traffic coming in from outside sources. If this is the case, you need to make sure that traffic to the router's public IP with destination port 22/tcp is permitted in the outside interface's access list (if you're just using access lists) or to the "self" zone (if you're using the zone based firewall).
ASKER
jodylemoine, could you guide me with the SSH enabling lines as well?
Thanks
Sure.
From global configuration mode (conf t) do the following:
Set the hostname and domain names if you haven't already with:
hostname xxx
ip domain-name domain.com
Generate the encryption keys for ssh:
crypto key generate rsa modulus 2048
Set the default ssh version to 2.0:
ip ssh version 2
Write the configuration and you should be good to go.
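The two replies above come down to a short checklist: hostname and domain name set, SSH version 2 selected, and tcp/22 permitted by any inbound access list on the outside interface. The script below is an added example, not part of the thread, that checks a saved running-config against that list. It assumes the outside interface is the one marked `ip nat outside`, handles only named extended ACLs with source `any`, and uses a constructed sample config and a hypothetical function name `audit_ssh`.

```python
import re

# Constructed sample running-config (not from the thread); documentation addresses.
SAMPLE = """\
hostname edge881
ip domain-name example.com
ip ssh version 2
interface FastEthernet4
 ip address 203.0.113.10 255.255.255.248
 ip access-group OUTSIDE-IN in
 ip nat outside
ip access-list extended OUTSIDE-IN
 permit tcp any any eq 443
 permit tcp any host 203.0.113.10 eq 22
 deny ip any any
"""

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"missing: {p.strip()}"
                for p in ("hostname ", "ip domain-name ", "ip ssh version 2")
                if not re.search("^" + re.escape(p), config, re.M)]
    blocks, head = {}, None          # top-level line -> its indented child lines
    for line in config.splitlines():
        if line.startswith(" ") and head:
            blocks[head].append(line.strip())
        elif line.strip():
            head = line.strip()
            blocks[head] = []
    for head, body in blocks.items():
        if not head.startswith("interface ") or "ip nat outside" not in body:
            continue
        acl = next((l.split()[2] for l in body
                    if re.fullmatch(r"ip access-group \S+ in", l)), None)
        if acl is None:
            continue                 # no inbound ACL, so nothing filters SSH here
        addr = next((l.split()[2] for l in body if l.startswith("ip address ")), None)
        verdict = "deny"             # every ACL ends with an implicit deny
        for entry in blocks.get(f"ip access-list extended {acl}", []):
            m = re.fullmatch(r"(permit|deny) (tcp|ip) any (any|host (\S+))(?: eq (\S+))?", entry)
            # The first entry covering "any source -> router address, tcp/22" decides.
            if m and m.group(4) in (None, addr) and m.group(5) in (None, "22"):
                verdict = m.group(1)
                break
        if verdict == "deny":
            findings.append(f"{acl} on {head.split()[1]} blocks inbound tcp/22")
    return findings

if __name__ == "__main__":
    print(audit_ssh(SAMPLE) or "SSH prerequisites present and tcp/22 permitted")
```

An empty result only covers the items checked here; zone based firewall policy toward the "self" zone is not evaluated.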
ASKER
And if there are ACLs on the outside interface, I should just allow port 22 in, correct?
you need:
int loop 1
ip add 1.1.1.1 255.255.255.25
ip nat inside
ip nat inside source static tcp 1.1.1.1 22 x.x.x.x 22
where x.x.x.x is the public IP of the router!
Best regards,
Istvan