From: Raymond Jett (rajett@xxxxxxxxx)
Date: Wed Jul 17 2002 - 15:36:40 GMT-3
Yah... works great too...
806----e----2501----s----2512
Filter Telnet from coming in on the serial of the 2501... turn off CDP on
the 2501... and now I'm able to allow access to the 2512 and block access
from it to the rest of my network.
That will come in handy when I pass my lab and want to either rent out time
or let friends use it for studying...
Raymond
-----Original Message-----
From: Pete Kowalsky [mailto:pkowalsky@msn.com]
Sent: Wednesday, July 17, 2002 1:30 PM
To: rajett@cisco.com; 'groupstudy'
Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
Like I said, it's been a while since I had tried -- 12.1 or something...
Good to know it's in there now! ;-)
Regards,
Pete
----- Original Message -----
From: "Raymond Jett" <rajett@cisco.com>
To: "P729" <p729@cox.net>; "Pete Kowalsky" <pkowalsky@msn.com>;
<kris.keen@aon.com.au>; <ccielab@groupstudy.com>
Sent: Wednesday, July 17, 2002 2:24 PM
Subject: RE: Cisco 2511 & SSH. CCIE Lab from home?
> Funny....
>
> I use SSH on a 2512 to access my rack from anywhere in the world. ;)
>
> http://www.cisco.com/warp/public/707/ssh.shtml
>
> I'm running 12.2(5)... you need an IPSEC version of IOS.
>
> Raymond
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> P729
> Sent: Wednesday, July 17, 2002 12:53 PM
> To: Pete Kowalsky; kris.keen@aon.com.au; ccielab@groupstudy.com
> Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> Yeah, every SSH-related release note I've read doesn't list the 2500 as
> supported, but there are sample configs in the TAC Tech Tips (not
> necessarily "TAC Certified") that show SSH commands in what are presumably
> 2500s. Crypto works, so why not? On the other hand, whether it works (or
> works well) vs. is "supported" or not, what can you say but "caveat
> emptor." :)
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
> ----- Original Message -----
> From: "Pete Kowalsky" <pkowalsky@msn.com>
> To: "P729" <p729@cox.net>; <kris.keen@aon.com.au>;
> <ccielab@groupstudy.com>
> Sent: Wednesday, July 17, 2002 10:24 AM
> Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
>
>
> > Hey, that would be way cool -- if you could SSH to a 2500 series router.
> > According to this URL:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftrevssh.htm#xtocid256035
> > , you cannot even set up SSH on a 2500 series router. Since it's been a
> > while since I've tried, maybe someone can give it a look, and see if it's
> > even in the IP/FW/Plus/IPSec 56 image command set... I think you're outta
> > luck, mate! About the best you can do is set up a VPN of some sort, either
> > to the Linux box (or maybe to the 2511), and just telnet through the
> > secure connection. An IPSec VPN wouldn't work for you though if your issue
> > is your employer's outbound firewalling (IP 50, 51, and UDP 500)....
> > SecureCRT and VShell (www.vandyke.com I think) let you do pretty cool
> > port-forwarding stuff. I have had similar constraints, and the best I
> > could do in some cases was to run a remote control app on TCP port 80, to
> > a system on my home network consoled to the terminal server. I wouldn't
> > leave it up that way for too long tho, all those script kiddies on the
> > cable / dsl networks probing port 80 -- it's pretty annoying to say the
> > least....
> >
> > Later,
> > Pete
> >
> >
> > ----- Original Message -----
> > From: "P729" <p729@cox.net>
> > To: <kris.keen@aon.com.au>; <ccielab@groupstudy.com>
> > Sent: Wednesday, July 17, 2002 3:55 AM
> > Subject: Re: Cisco 2511 & SSH. CCIE Lab from home?
> >
> >
> > > Kris,
> > >
> > > I don't believe you can change the port the IOS implementation of SSH
> > > server listens on (on the other hand, you can specify which port the IOS
> > > SSH client connects to...)
> > >
> > > Can you set up a VNC server that listens on port 80?
> > >
> > > Or how about this for a hair-brained idea: Static PAT translation to a
> > > loopback address. I have no idea if it will work, but I didn't think
> > > one-armed NAT would work until I tried it. Something like: 'ip nat inside
> > > source static tcp <loopback_address> 22 <interface_address> 80
> > > extendable,' 'ip nat outside' on the interface and 'ip nat inside' on the
> > > loopback.
> > >
> > > What do you think? Worth a try?
> > >
> > > Regards,
> > >
> > > Mas Kato
> > > https://ecardfile.com/id/mkato
> > > ----- Original Message -----
> > > From: <kris.keen@aon.com.au>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Tuesday, July 16, 2002 8:38 PM
> > > Subject: OT: Cisco 2511 & SSH. CCIE Lab from home?
> > >
> > >
> > > > Hi All,
> > > >
> > > > Just a little 'nice to have' which I'm sure some of you already are
> > > > running. I have my Cisco rack at home, I'm using a Smoothwall linux box
> > > > to port forward telnet requests to my home network which is housing a
> > > > Cisco 2511. The 2511 runs a private address. When I telnet to the public
> > > > ip address on the firewall, it shoots it out via telnet to my Cisco 2511
> > > > (using port forwarding) and away I go.. Telnet access works fine..
> > > >
> > > > However, behind the firewall at work, those ports are of course blocked
> > > > (80 is let through) so my procedure doesn't work. What I'm thinking of
> > > > is using SSH on my Cisco 2511 to listen on port 80 if at all possible, I
> > > > could then SSH out from my work pc through the firewall on port 80, it
> > > > hits the Smoothwall firewall, port forwards 80 to port 80 behind the
> > > > firewall using SSH and away I go :)
> > > >
> > > > Are you still with me? :)
> > > >
> > > > Question, Can I set up a Cisco 2511 to listen using SSH on port 80
> > > > instead of plain old telnet? I'm running 12.1 IOS with 16/16 on the
> > > > Router. Objective is to lab stuff up at home from work.
> > > >
> > > > Ideas?
> > > >
> > > > Cheers
> > > >
> > > > -----------------------------------------------------------------
> > > > Kris Keen - CCNP, CCDP, CNE
> > > > Network Support Specialist - Network Systems
> > > > Aon Risk Services Australia Limited
> > > > (612) 9253 7272
> > > > 0404862970
> > > > E: Kris.Keen@aon.com.au
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >