Re: Cisco 2511 & SSH. CCIE Lab from home?

From: Pete Kowalsky (pkowalsky@xxxxxxx)
Date: Wed Jul 17 2002 - 15:29:52 GMT-3


   
Like I said, it's been a while since I had tried -- 12.1 or something...
Good to know it's in there now! ;-)

Regards,
Pete

----- Original Message -----
From: "Raymond Jett" <rajett@cisco.com>
To: "P729" <p729@cox.net>; "Pete Kowalsky" <pkowalsky@msn.com>;
<kris.keen@aon.com.au>; <ccielab@groupstudy.com>
Sent: Wednesday, July 17, 2002 2:24 PM
Subject: RE: Cisco 2511 & SSH. CCIE Lab from home?

> Funny....
>
> I use SSH on a 2512 to access my rack from anywhere in the world. ;)
>
> http://www.cisco.com/warp/public/707/ssh.shtml
>
> I'm running 12.2(5)... you need an IPSEC version of IOS.
>
> Raymond
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> P729
> Sent: Wednesday, July 17, 2002 12:53 PM
> To: Pete Kowalsky; kris.keen@aon.com.au; ccielab@groupstudy.com
> Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> Yeah, every SSH-related release note I've read doesn't list the 2500 as
> supported, but there are sample configs in the TAC Tech Tips (not
> necessarily "TAC Certified") that show SSH commands in what are presumably
> 2500s. Crypto works, so why not? On the other hand, whether it works (or
> works well) vs. is "supported" or not, what can you say but "caveat
> emptor." :)
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
> ----- Original Message -----
> From: "Pete Kowalsky" <pkowalsky@msn.com>
> To: "P729" <p729@cox.net>; <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
> Sent: Wednesday, July 17, 2002 10:24 AM
> Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> > Hey, that would be way cool -- if you could SSH to a 2500 series router.
> > According to this URL:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftrevssh.htm#xtocid256035
> >
> > , you cannot even set up SSH on a 2500 series router. Since it's been a
> > while since I've tried, maybe someone can give it a look, and see if it's
> > even in the IP/FW/Plus/IPSec 56 image command set... I think you're outta
> > luck, mate! About the best you can do is set up a VPN of some sort, either
> > to the Linux box (or maybe to the 2511), and just telnet through the
> > secure connection. An IPSec VPN wouldn't work for you though if your issue
> > is your employer's outbound firewalling (IP 50, 51, and UDP 500)....
> > SecureCRT and VShell (www.vandyke.com I think) let you do pretty cool
> > port-forwarding stuff. I have had similar constraints, and the best I
> > could do in some cases was to run a remote control app on TCP port 80, to
> > a system on my home network consoled to the terminal server. I wouldn't
> > leave it up that way for too long tho, all those script kiddies on the
> > cable / dsl networks probing port 80 -- it's pretty annoying to say the
> > least....
> >
> > Later,
> > Pete
> >
> >
> > ----- Original Message -----
> > From: "P729" <p729@cox.net>
> > To: <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
> > Sent: Wednesday, July 17, 2002 3:55 AM
> > Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
> >
> >
> > > Kris,
> > >
> > > I don't believe you can change the port the IOS implementation of SSH
> > > server listens on (on the other hand, you can specify which port the IOS
> > > SSH client connects to...)
> > >
> > > Can you set up a VNC server that listens on port 80?
> > >
> > > Or how about this for a hare-brained idea: Static PAT translation to a
> > > loopback address. I have no idea if it will work, but I didn't think
> > > one-armed NAT would work until I tried it. Something like: 'ip nat inside
> > > source static tcp <loopback_address> 22 <interface_address> 80 extendable,'
> > > 'ip nat outside' on the interface and 'ip nat inside' on the loopback.
> > >
> > > What do you think? Worth a try?
> > >
> > > Regards,
> > >
> > > Mas Kato
> > > https://ecardfile.com/id/mkato
> > > ----- Original Message -----
> > > From: <kris.keen@aon.com.au>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Tuesday, July 16, 2002 8:38 PM
> > > Subject: OT: Cisco 2511 & SSH. CCIE Lab from home?
> > >
> > >
> > > > Hi All,
> > > >
> > > > Just a little 'nice to have' which I'm sure some of you already are
> > > > running. I have my Cisco rack at home, I'm using a Smoothwall linux box
> > > > to port forward telnet requests to my home network which is housing a
> > > > Cisco 2511. The 2511 runs a private address. When I telnet to the public
> > > > ip address on the firewall, it shoots it out via telnet to my Cisco 2511
> > > > (using port forwarding) and away I go.. Telnet access works fine..
> > > >
> > > > However, behind the firewall at work, those ports are of course blocked
> > > > (80 is let through) so my procedure doesn't work. What I'm thinking of is
> > > > using SSH on my Cisco 2511 to listen on port 80 if at all possible, I
> > > > could then SSH out from my work pc through the firewall on port 80, it
> > > > hits the Smoothwall firewall, port forwards 80 to port 80 behind the
> > > > firewall using SSH and away I go :)
> > > >
> > > > Are you still with me? :)
> > > >
> > > > Question, Can I setup a Cisco 2511 to listen using SSH on port 80
> > > > instead of plain old telnet? I'm running 12.1 IOS with 16/16 on the
> > > > Router. Objective is to lab stuff up at home from work.
> > > >
> > > > Ideas?
> > > >
> > > > Cheers
> > > >
> > > > -----------------------------------------------------------------
> > > > Kris Keen - CCNP, CCDP, CNE
> > > > Network Support Specialist - Network Systems
> > > > Aon Risk Services Australia Limited
> > > > (612) 9253 7272
> > > > 0404862970
> > > > E: Kris.Keen@aon.com.au
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:34 GMT-3