Configure Passthrough AND Router SSH on Cisco 1721

[jwynacht]

Hi,

I'm looking to be able to SSH to my Cisco 1721 AND do passthrough to a server on my internal network.

I can configure either of these just fine but can't seem to configure them both to live together. Anybody have any pointers or links for me to check out?

Thanks in advance,

Jon

 

[burtsbees]

Post a config.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[jwynacht]

OK, here it is...sorry forgot to post. This is the one that does the pass-through to my internal server:

Current configuration : 2457 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MY_ROUTER_HOSTNAME
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret MY_PASSWORD
enable password MY_OTHER_PASSWORD
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LANpool
import all
network 192.168.1.0 255.255.255.0
dns-server 68.94.156.1 68.94.157.1
default-router 192.168.1.254
lease infinite
!
!
ip cef
ip domain name MY_DOMAIN_NAME
ip name-server 68.94.156.1
ip name-server 68.94.157.1
ip port-map ssh port tcp 30000 list 10
ip ssh logging events
ip ssh version 2
!
vpdn enable
!
!
!
!
username USERNAME privilege 15 secret 5 PASSWORD
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description Internet Connection
no ip address
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
speed auto
!
interface FastEthernet1
description Connection to Wireless LAN
switchport access vlan 26
!
interface FastEthernet2
description Connect to LAN
switchport access vlan 26
!
interface FastEthernet3
description Internal LAN Server
switchport access vlan 26
!
interface FastEthernet4
description Connection to DMZ
switchport access vlan 26
no cdp enable
!
interface Vlan1
no ip address
!
interface Vlan26
description routed interface for LAN segment
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer1
mtu 1492
ip address EXTERNAL_IP 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname USERNAME
ppp chap password 0 PASSWORD
ppp pap sent-username USERNAME PASSWORD 0 dmmc1234
!
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.60 22 interface Dialer1 30000
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit EXTERNAL_IP_RANGE 0.0.0.255
access-list 10 permit 192.168.1.60
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
transport input ssh
!
end

 

[burtsbees]

I see. I ran into this problem today---as soon as another router in the same segment generated RSA keys, the keys on my main edge router disappeared...I will research this. Have you tried the inside port to be a different port?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!