Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Access SSH - WAN ==> LAN with redirect port

Math78
Just browsing
‎May 25 2023 9:17 AM
‎May 25 2023 9:17 AM

Access SSH - WAN ==> LAN with redirect port

Hello,

 

I want to access my switch in SSH, from the Wan to my Lan. I created a port forwarding rule like these :

 

Math78_0-1685030661731.png

 

 

Math78_1-1685030814259.png

Math78_3-1685030934888.png

The SSH connection works in my LAN on the Ip address 192.168.1.3.

My Appliance is a Cisco MERAKI MX67 and my switch a Cisco CBS350

I use the Ip address from my ISP set without filtering on the MX.

Someone can help me ?

 

Thanks in advance,

 

Regards

 

 

 

Labels:
0 Kudos
10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 25 2023 9:41 AM
‎May 25 2023 9:41 AM

Do you have any ACL configured on your switch?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Math78
Just browsing
‎May 25 2023 10:12 AM
‎May 25 2023 10:12 AM

At the moment no ACL on my switch.

Only 3 vlan, Vlan 1 native (Data) 192.168.1.0/24, Vlan 20 (Voice) 192.168.20.0/24 and Vlan 40 (Wifi) 192.168.40.0/24

 

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎May 25 2023 1:03 PM
‎May 25 2023 1:03 PM

First, do a packet capture on the WAN to see if the session reaches the MX. Second, think about using a VPN for this task.

In response to KarstenI
Math78
Just browsing
‎May 26 2023 12:35 AM
‎May 26 2023 12:35 AM

Hello,

 

The session reaches the MX:

Math78_1-1685085805775.png

Math78_2-1685085996557.png

Math78_3-1685086078897.png

Math78_4-1685086175086.png

Math78_5-1685086272029.png

 

A VPN connection is required?

0 Kudos
In response to Math78
KarstenI
Kind of a big deal
Kind of a big deal
‎May 26 2023 2:26 AM
‎May 26 2023 2:26 AM

A VPN is not required, but will make it more secure.

Here it looks like no answer is coming back from the switch.

Can you ping the switch from the MX and does the Switch have a default-gateway pointing to the MX?

0 Kudos
In response to KarstenI
Math78
Just browsing
‎May 26 2023 3:13 AM
‎May 26 2023 3:13 AM

Yes I can ping the switch from the MX. 

Math78_0-1685095848771.png

The switch does have a gateway that points to the MX (192.168.1.254)

0 Kudos
In response to Math78
KarstenI
Kind of a big deal
Kind of a big deal
‎May 26 2023 3:51 AM
‎May 26 2023 3:51 AM

Then it is likely something in the Switch-config that it doesn't answer the SSH request from outside. Best to replace the switch with a Meraki switch. Then you are still in the right community ... 🙂

As a switch problem, the Cisco Community is likely the right place to ask. But likely no one will be upset if you show your CBS config for troubleshooting wile your Meraki Switch is not delivered. 🙂

In response to KarstenI
Math78
Just browsing
‎May 26 2023 7:03 AM
‎May 26 2023 7:03 AM

I can't show you the switch configuration at the moment, I'm not on the infrastructure site. Next week I will make a "running-config" copy of the CBS switch

0 Kudos
In response to Math78
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 26 2023 7:35 AM
‎May 26 2023 7:35 AM

Have tried creating an access profile?

 

 

alemabrahao_0-1685111676546.png

 

 

alemabrahao_1-1685111710331.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Math78
Just browsing
‎May 26 2023 7:40 AM
‎May 26 2023 7:40 AM

I do not have remote access to the CBS interface, I will check this next week point, thank you very much for the help. I will keep you informed

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.