Solved: Thanks, Your config looks

panda.rakesh · ‎02-01-2017

I have the following setup:

Comcast (Arris) Cable Modem >> Linksys E3000 wi-fi router >> Cisco IR 809

I am trying to enable remote SSH for public IP to the IR809 using port-forwarding on the E3000. Is there a special setup needed on the 809 to accept packets originating from outside the network?

I am able to ssh to the 809 from within my home network. Has anyone done something similar before - any pointers you can share?

thanks in advance!.

Karsten Iwen · ‎02-01-2017

Here are some info on the general SSH-setup: Guide to better SSH-Security

Your problem could be related to a wrong NAT-config on the 809 router. Can you share the NAT-config?

View solution in original post

Julio E. Moisa · ‎02-01-2017

Hi,

Are you mapping the tcp 22 port? could you please share any screenshot?

Regards.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

panda.rakesh · ‎02-01-2017

I mapped port 22 on the Linksys router to the port on which SSH is running - screenshot enclosed.

Julio E. Moisa · ‎02-01-2017

thanks, try to put the internal port as 22 instead 7890.

Regards.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

panda.rakesh · ‎02-01-2017

Thanks, I had the internal port as 22 before and just changed it on the 809 to make it 7890 - as per SSH setup link in this thread. It did not work when I had both external and internal port as 22.

Julio E. Moisa · ‎02-01-2017

Thanks, Your config looks fine, I'm not sure if you are using any access group on the Cisco IR 809 or the ssh access is allowed for everything?.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Karsten Iwen · ‎02-01-2017

Here are some info on the general SSH-setup: Guide to better SSH-Security

Your problem could be related to a wrong NAT-config on the 809 router. Can you share the NAT-config?

panda.rakesh · ‎02-01-2017

Thank you Karsten, I did read the SSH post and followed your advice of running ssh on a different port than the standard.

I currently don't have any NAT config on the 809. My port forwarding is on the Linksys router, which seems to be working when the SSH request originates from the internal network.

I will look at references for the NAT config and try it next.

panda.rakesh · ‎02-01-2017

Turned out to be a NAT setup on the 809 - I had to enable outbound internet connectivity from my 809 (reference https://networklessons.com/cisco/ccie-routing-switching/cisco-ios-nat-port-forwarding/)

ip route 0.0.0.0 0.0.0.0 192.168.12.2

Karsten Iwen · ‎02-01-2017

ok, but that's not NAT. That's pure IP routing ... ;-)

Karsten Iwen · ‎02-01-2017

Ok, then it's obviously not a wrong NAT-config on the 809.

Try the following:

(I assume that the 809 can communicate to the internet through the Linksys router)

Connect your PC to the port where the Linksys is connected and give your PC the IP of the Linksys. Then try to connect to the 809 with SSH. If it works here, it's likely that the problem is related to the Port-Forwarding on the Linksys. If it doesn't work, there is at least also a problem on the 809.

SSH Connectivity to 809

SSH Connectivity to 809