Re: Cisco 2511 & SSH. CCIE Lab from home?

From: P729 (p729@xxxxxxx)
Date: Wed Jul 17 2002 - 14:53:29 GMT-3


   
Yeah, every SSH-related release note I've read doesn't list the 2500 as
supported, but there are sample configs in the TAC Tech Tips (not
necessarily "TAC Certified") that show SSH commands in what are presumably
2500s. Crypto works, so why not? On the other hand, whether it works (or
works well) vs. is "supported" or not, what can you say but "caveat emptor."
:)

Regards,

Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Pete Kowalsky" <pkowalsky@msn.com>
To: "P729" <p729@cox.net>; <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
Sent: Wednesday, July 17, 2002 10:24 AM
Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?

> Hey, that would be way cool -- if you could SSH to a 2500 series router.
> According to this URL:
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftrevssh.htm#xtocid256035 ,
> you cannot even set up SSH on a 2500 series router. Since it's been a
> while since I've tried, maybe someone can give it a look, and see if it's
> even in the IP/FW/Plus/IPSec 56 image command set... I think you're outta
> luck, mate! About the best you can do is set up a VPN of some sort, either
> to the Linux box (or maybe to the 2511), and just telnet through the
> secure connection. An IPSec VPN wouldn't work for you though if your issue
> is your employer's outbound firewalling (IP 50, 51, and UDP 500)....
> SecureCRT and VShell (www.vandyke.com I think) let you do pretty cool
> port-forwarding stuff. I have had similar constraints, and the best I
> could do in some cases was to run a remote control app on TCP port 80, to
> a system on my home network consoled to the terminal server. I wouldn't
> leave it up that way for too long tho, all those script kiddies on the
> cable / dsl networks probing port 80 -- it's pretty annoying to say the
> least....
>
> Later,
> Pete
>
>
> ----- Original Message -----
> From: "P729" <p729@cox.net>
> To: <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
> Sent: Wednesday, July 17, 2002 3:55 AM
> Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> > Kris,
> >
> > I don't believe you can change the port the IOS implementation of SSH
> > server listens on (on the other hand, you can specify which port the IOS
> > SSH client connects to...)
> >
> > Can you set up a VNC server that listens on port 80?
> >
> > Or how about this for a harebrained idea: Static PAT translation to a
> > loopback address. I have no idea if it will work, but I didn't think
> > one-armed NAT would work until I tried it. Something like: 'ip nat inside
> > source static tcp <loopback_address> 22 <interface_address> 80
> > extendable,' 'ip nat outside' on the interface and 'ip nat inside' on the
> > loopback.
> >
> > What do you think? Worth a try?
> >
> > Regards,
> >
> > Mas Kato
> > https://ecardfile.com/id/mkato
> > ----- Original Message -----
> > From: <kris.keen@aon.com.au>
> > To: <ccielab@groupstudy.com>
> > Sent: Tuesday, July 16, 2002 8:38 PM
> > Subject: OT: Cisco 2511 & SSH. CCIE Lab from home?
> >
> >
> > > Hi All,
> > >
> > > Just a little 'nice to have' which I'm sure some of you already are
> > > running. I have my Cisco rack at home, I'm using a Smoothwall linux box
> > > to port forward telnet requests to my home network which is housing a
> > > Cisco 2511. The 2511 runs a private address. When I telnet to the public
> > > ip address on the firewall, it shoots it out via telnet to my Cisco 2511
> > > (using port forwarding) and away I go.. Telnet access works fine..
> > >
> > > However, behind the firewall at work, those ports are of course blocked
> > > (80 is let through) so my procedure doesn't work. What I'm thinking of
> > > is using SSH on my Cisco 2511 to listen on port 80 if at all possible, I
> > > could then SSH out from my work pc through the firewall on port 80, it
> > > hits the Smoothwall firewall, port forwards 80 to port 80 behind the
> > > firewall using SSH and away I go :)
> > >
> > > Are you still with me? :)
> > >
> > > Question, Can I set up a Cisco 2511 to listen using SSH on port 80
> > > instead of plain old telnet? I'm running 12.1 IOS with 16/16 on the
> > > Router. Objective is to lab stuff up at home from work.
> > >
> > > Ideas?
> > >
> > > Cheers
> > >
> > > -----------------------------------------------------------------
> > > Kris Keen - CCNP, CCDP, CNE
> > > Network Support Specialist - Network Systems
> > > Aon Risk Services Australia Limited
> > > (612) 9253 7272
> > > 0404862970
> > > E: Kris.Keen@aon.com.au