Access SSH - WAN ==> LAN with redirect port

Math78

Hello,

I want to access my switch over SSH, from the WAN to my LAN. I created a port forwarding rule like this:

The SSH connection works in my LAN on the IP address 192.168.1.3.

My appliance is a Cisco Meraki MX67 and my switch a Cisco CBS350.

I use the IP address from my ISP set without filtering on the MX.

Can someone help me?

Thanks in advance,

Regards

alemabrahao

Do you have any ACL configured on your switch?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

At the moment no ACL on my switch.

Only 3 VLANs: VLAN 1 native (Data) 192.168.1.0/24, VLAN 20 (Voice) 192.168.20.0/24 and VLAN 40 (Wifi) 192.168.40.0/24.

KarstenI

First, do a packet capture on the WAN to see if the session reaches the MX. Second, think about using a VPN for this task.

Hello,

The session reaches the MX:

Is a VPN connection required?

KarstenI

A VPN is not required, but will make it more secure.

Here it looks like no answer is coming back from the switch.

Can you ping the switch from the MX and does the Switch have a default-gateway pointing to the MX?
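
As an added illustration (not part of the original posts): the check described above, reading a capture to see whether the switch answers, can be automated over tcpdump-style text output. The capture lines, the WAN client 203.0.113.10, the LAN client 192.168.1.50 and SSH on port 22 are constructed assumptions; only 192.168.1.3 comes from the thread.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines for a LAN-side capture (not the thread's screenshots).
# 203.0.113.10 = hypothetical WAN client, 192.168.1.50 = hypothetical LAN client.
SAMPLE = """\
10:00:00.000000 IP 203.0.113.10.51514 > 192.168.1.3.22: Flags [S], seq 1000, win 64240, length 0
10:00:01.010000 IP 203.0.113.10.51514 > 192.168.1.3.22: Flags [S], seq 1000, win 64240, length 0
10:00:03.030000 IP 203.0.113.10.51514 > 192.168.1.3.22: Flags [S], seq 1000, win 64240, length 0
10:00:05.000000 IP 192.168.1.50.40222 > 192.168.1.3.22: Flags [S], seq 2000, win 64240, length 0
10:00:05.000400 IP 192.168.1.3.22 > 192.168.1.50.40222: Flags [S.], seq 3000, ack 2001, win 65160, length 0
10:00:05.000900 IP 192.168.1.50.40222 > 192.168.1.3.22: Flags [.], ack 1, win 502, length 0
"""

# Matches "IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]"
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify_handshakes(capture, server_ip, server_port):
    """Return {(client_ip, client_port): verdict} for TCP opens to the server.

    answered = server sent SYN-ACK; refused = server sent RST;
    no-reply = SYNs (and retransmissions) arrived but nothing came back.
    """
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "rst": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if (dst, dport) == (server_ip, server_port) and flags == "S":
            flows[(src, sport)]["syn"] += 1
        elif (src, sport) == (server_ip, server_port):
            if flags == "S.":
                flows[(dst, dport)]["synack"] += 1
            elif "R" in flags:
                flows[(dst, dport)]["rst"] += 1
    verdicts = {}
    for client, seen in flows.items():
        if seen["synack"]:
            verdicts[client] = "answered"
        elif seen["rst"]:
            verdicts[client] = "refused"
        else:
            verdicts[client] = "no-reply"
    return verdicts

if __name__ == "__main__":
    for client, verdict in classify_handshakes(SAMPLE, "192.168.1.3", 22).items():
        print(client, verdict)
```

A "no-reply" verdict for the forwarded client next to an "answered" verdict for a LAN client points at the switch's management access settings or its return path rather than at the forwarding rule.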

Yes, I can ping the switch from the MX.

The switch does have a gateway that points to the MX (192.168.1.254).

KarstenI

Then it is likely something in the Switch-config that it doesn't answer the SSH request from outside. Best to replace the switch with a Meraki switch. Then you are still in the right community ... 🙂

As a switch problem, the Cisco Community is likely the right place to ask. But likely no one will be upset if you show your CBS config for troubleshooting while your Meraki Switch is not delivered. 🙂

I can't show you the switch configuration at the moment, I'm not on the infrastructure site. Next week I will make a "running-config" copy of the CBS switch.

alemabrahao

Have you tried creating an access profile?

I do not have remote access to the CBS interface, I will check this point next week, thank you very much for the help. I will keep you informed.
