[CLUE-Tech] SSH through Cisco

Frank Whiteley techzone at greeleynet.com
Sun Jan 26 20:43:36 MST 2003


----- Original Message -----
From: "Sean LeBlanc" <seanleblanc at americanisp.net>
To: <clue-tech at clue.denver.co.us>
Sent: Sunday, January 26, 2003 1:44 PM
Subject: Re: [CLUE-Tech] SSH through Cisco


> On 01-24 07:45, David Anselmi wrote:
> > Sean LeBlanc wrote:
> > >I can't seem to get SSH to go through my Cisco 678 box. My config:
> > [...]
> > >And I set up the Cisco 678 by calling set nat add entry 10.0.0.2 22
> > >and called write. It shows up in the nat table. Yet I cannot get anything
> > >other than a timeout when I try to ssh to 10.0.0.1 or the external IP. I
> > >can't understand why it's not working.
> > >
> >
> > Did you reboot after writing?  Doesn't seem that a reboot should be
> > necessary, but it seemed to help last time I set that up.
>
> Tried that, still no dice. Is there any way to reset Cisco to the default
> settings? I don't really have much changed other than the password and the
> port forwarding for 22. I'm wondering if that might help.
>
set nvram erase
write
reboot

> Someone emailed me off-list about setting a static route, and even though I
> was unsure that was necessary, I tried that, too. At one time, this was
> working, but I didn't have the Linksys in there. But as I said, I can ssh
> directly to the LinkSys and get the proper forwarding.
>
I would still consider 'bridging' by adding a static route for the
subnet; however, there's a more detailed port forwarding entry that I've used
for shipping software:

set nat entry add <inside-ip> <portstart-portend> <outside-ip> <portstart-portend> <protocol>

though I haven't used this for ssh specifically.  I note that SSH is now
running at your IP address on an obscure port, so you appear to have hacked it.

<snip>
Frank Whiteley
Greeley



