From: Pete Kowalsky (pkowalsky@xxxxxxx)
Date: Wed Jul 17 2002 - 14:24:52 GMT-3
Hey, that would be way cool -- if you could SSH to a 2500 series router.
According to this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftrevssh.htm#xtocid256035 ,
you cannot even set up SSH on a 2500
series router. Since it's been a while since I've tried, maybe someone can
give it a look, and see if it's even in the IP/FW/Plus/IPSec 56 image
command set... I think you're outta luck, mate! About the best you can do
is set up a VPN of some sort, either to the Linux box (or maybe to the 2511),
and just telnet through the secure connection. An IPSec VPN wouldn't work
for you though if your issue is your employer's outbound firewalling (IP 50,
51, and UDP 500).... SecureCRT and VShell (www.vandyke.com I think) let you
do pretty cool port-forwarding stuff. I have had similar constraints, and
the best I could do in some cases was to run a remote control app on TCP
port 80, to a system on my home network consoled to the terminal server. I
wouldn't leave it up that way for too long tho, all those script kiddies on
the cable / dsl networks probing port 80 -- it's pretty annoying to say the
least....
Later,
Pete
----- Original Message -----
From: "P729" <p729@cox.net>
To: <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
Sent: Wednesday, July 17, 2002 3:55 AM
Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
> Kris,
>
> I don't believe you can change the port the IOS implementation of SSH server
> listens on (on the other hand, you can specify which port the IOS SSH client
> connects to...)
>
> Can you set up a VNC server that listens on port 80?
>
> Or how about this for a hare-brained idea: Static PAT translation to a
> loopback address. I have no idea if it will work, but I didn't think
> one-armed NAT would work until I tried it. Something like: 'ip nat inside
> source static tcp <loopback_address> 22 <interface_address> 80 extendable,'
> 'ip nat outside' on the interface and 'ip nat inside' on the loopback.
>
> What do you think? Worth a try?
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
> ----- Original Message -----
> From: <kris.keen@aon.com.au>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, July 16, 2002 8:38 PM
> Subject: OT: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> > Hi All,
> >
> > Just a little 'nice to have' which I'm sure some of you already are
> > running. I have my Cisco rack at home, I'm using a Smoothwall Linux box to
> > port forward telnet requests to my home network which is housing a Cisco
> > 2511. The 2511 runs a private address. When I telnet to the public IP
> > address on the firewall, it shoots it out via telnet to my Cisco 2511
> > (using port forwarding) and away I go.. Telnet access works fine..
> >
> > However, behind the firewall at work, those ports are of course blocked (80
> > is let through) so my procedure doesn't work. What I'm thinking of is using
> > SSH on my Cisco 2511 to listen on port 80 if at all possible, I could then
> > SSH out from my work PC through the firewall on port 80, it hits the
> > Smoothwall firewall, port forwards 80 to port 80 behind the firewall using
> > SSH and away I go :)
> >
> > Are you still with me? :)
> >
> > Question: Can I set up a Cisco 2511 to listen using SSH on port 80 instead
> > of plain old telnet? I'm running 12.1 IOS with 16/16 on the router.
> > Objective is to lab stuff up at home from work.
> >
> > Ideas?
> >
> > Cheers
> >
> > -----------------------------------------------------------------
> > Kris Keen - CCNP, CCDP, CNE
> > Network Support Specialist - Network Systems
> > Aon Risk Services Australia Limited
> > (612) 9253 7272
> > 0404862970
> > E: Kris.Keen@aon.com.au
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:34 GMT-3