Announcement

Collapse
No announcement yet.

Unable to SSH externally

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to SSH externally

    Hi,

    OK so I've configured dozens of Cisco Routers yet I've never had this problem before:

    I have configured an 877 and it is implemented at a site. Prior to implementation everything was tested and worked fine. On site, it was again tested. No problems. When I got back to the office I tried to SSH into the box and received timeout after timeout yet it would respond to a ping. Now, it WAS working because my iPhone could access it using touchterm (and there is no wireless so it was definitely going over the public network). The only explanation to that behaviour I can think of is that the router reloaded and maybe I didn't save the config when the SSH was working resulting in it being lost upon reload.

    Therefore, it is most likely something I have missed and keep missing when I read the config but it "looks" identical to other configs I have on my TFTP server. So I'm hoping someone here can point out the error in my ways.

    Anyway, see the below config and please help if you can.

    Current configuration : 5585 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname erewashpartnership-rtr1
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    crypto pki trustpoint TP-self-signed-646589862
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-646589862
    revocation-check none
    rsakeypair TP-self-signed-646589862
    !
    !
    crypto pki certificate chain TP-self-signed-646589862
    certificate self-signed 01
    3082025E 308201C7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 36343635 38393836 32301E17 0D303230 33303230 32303633
    345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3634 36353839
    38363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    9EC6D036 446CC9AE 8712E8FD AB1BB851 4F770508 F22035A5 E4FA2E8A 8E540F02
    D07F6CA1 10A4DC5C 18B10E68 E02DF5E9 E61E12FA 4BDD89C6 DCFA8C94 C600E109
    442FA28F D9AF89A4 0A82294B E563E3FB 1C6CEA9C 883F873B D574D840 68D9FF0B
    C33FB3B8 9026FBA5 35B0129D EE7112A5 C8F46947 0869158E 5C053221 2A3ECF21
    02030100 01A38187 30818430 0F060355 1D130101 FF040530 030101FF 30310603
    551D1104 2A302882 26657265 77617368 70617274 6E657273 6869702D 72747231
    2E796F75 72646F6D 61696E2E 636F6D30 1F060355 1D230418 30168014 11E16CCF
    DEF7652D 84C20413 E2B02A70 801BCD6B 301D0603 551D0E04 16041411 E16CCFDE
    F7652D84 C20413E2 B02A7080 1BCD6B30 0D06092A 864886F7 0D010104 05000381
    8100027F EDAF6ABC 716066F8 6030B63E B0DF1C66 8E2043D2 0B737D82 EC79C79B
    B0836F62 7461C4D9 FB4C7659 1A985D74 80072958 962A17EE 870588B8 CDB7AB74
    0C49A265 407F35F1 C17CE946 E68258B2 0B50DBB3 07CFE337 2CEDC031 931147C9
    DAC87BBE 7B996B0A 9E2E3E80 B1DFAA3C FD778726 7D78F816 DEA64410 5A110802 BD31
    quit
    dot11 syslog
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.0.1
    ip dhcp excluded-address 10.10.0.2
    ip dhcp excluded-address 10.10.1.1
    ip dhcp excluded-address 10.10.2.1
    ip dhcp excluded-address 10.10.3.1
    ip dhcp excluded-address 10.10.4.1
    ip dhcp excluded-address 10.10.5.1
    ip dhcp excluded-address 10.10.6.1
    ip dhcp excluded-address 10.10.7.1
    ip dhcp excluded-address 10.10.8.1
    ip dhcp excluded-address 10.10.9.1
    !
    ip dhcp pool ccp-pool
    import all
    network 10.10.0.0 255.255.255.248
    default-router 10.10.0.1
    dns-server 8.8.8.8 8.8.4.4
    lease 0 2
    !
    ip dhcp pool VLAN-19
    network 10.10.9.0 255.255.255.0
    default-router 10.10.9.1
    dns-server 8.8.8.8 8.8.4.4
    !
    ip dhcp pool VLAN-17
    network 10.10.7.0 255.255.255.0
    default-router 10.10.7.1
    dns-server 8.8.8.8 8.8.4.4
    !
    ip dhcp pool VLAN-13
    network 10.10.3.0 255.255.255.0
    default-router 10.10.3.1
    dns-server 8.8.8.8 8.8.4.4
    !
    !
    ip domain name erewashpt.net
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    !
    multilink bundle-name authenticated
    !
    !
    username [REMOVED]
    !
    !
    archive
    log config
    hidekeys
    !
    !
    ip ssh version 2
    !
    !
    !
    interface ATM0
    description -- ADSL CONNECTION --
    no ip address
    ip virtual-reassembly
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    shutdown
    !
    interface FastEthernet2
    shutdown
    !
    interface FastEthernet3
    description $$ TRUNK TO SWITCH 1 $$
    switchport trunk allowed vlan 1,2,13,17,19,1002-1005
    switchport mode trunk
    !
    interface Vlan1
    description $$ NATIVE $$
    ip address 10.10.0.1 255.255.255.248
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    interface Vlan13
    description $$ UNIT 3 LAN $$
    ip address 10.10.3.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Vlan17
    description $$ UNIT 7 LAN $$
    ip address 10.10.7.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Vlan19
    description $$ UNIT 9 LAN $$
    ip address 10.10.9.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Dialer1
    mtu 1492
    ip address negotiated
    ip access-group 100 in
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname [REMOVED]
    ppp chap password 7 [REMOVED]
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer1 overload
    !
    access-list 1 permit any
    access-list 100 remark $$ DIALER 1 INTERFACE $$
    access-list 100 permit ip any any
    access-list 100 permit tcp any any
    access-list 100 permit udp any any
    access-list 101 remark $$ External SSH Access $$
    access-list 101 permit tcp any any eq 22
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    control-plane
    !
    !line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    access-class 101 in
    exec-timeout 9 0
    privilege level 0
    login local
    transport input ssh
    !
    scheduler max-task-time 5000
    end
Working...
X