Public IPs for servers not accessible via ssh!

mugrene
Here to help


Dear Support;

I configured 1:1 NAT and I allowed ssh (TCP on port 22).

When I am inside my network, I can ssh into that server (with its public IP), but when I am out of the office using another public IP, I can't ssh into that server with its public IP.

Kindly support me.

Find in attachment the config I did on my MX100 and its deployment settings

 
 

[Attachment: Server Configuration.PNG]

[Attachment: Deployment settings on my MX100.PNG]

 

 

ww
Kind of a big deal

Do the other ports work from a remote IP?

Then try a packet capture on Internet 2, TCP port 22, to see if a session comes in at WAN2. If yes, also take a capture on the LAN port to see the packet go to your server.

It can also happen that traffic comes in on WAN2 and leaves via WAN1, which can cause issues. https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Utilizing_1%3A1_NAT_with_Link_Aggregatio...

DarrenOC
Kind of a big deal

Hi @mugrene, firstly, happy new year.

I agree with @ww that the 1:1 NAT rule using WAN2 could be causing the issue. Is that external IP coming in via WAN2? If you run a packet capture on WAN1 or WAN2, do you see the requests come in?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal

My personal guess - host-based firewall only allowing SSH connections from the local LAN.

DarrenOC
Kind of a big deal

Good call @PhilipDAth 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
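The replies above name three places the SSH handshake can break: it never reaches the uplink, the reply leaves by the other uplink, or the server's own firewall drops it. The following is an added example, not part of any post in this thread, that reads captures from each interface and reports which case applies. It assumes the captures are exported as tcpdump-style text; the interface names `wan1`, `wan2`, `lan` and all IP addresses are constructed for illustration.

```python
import re

# tcpdump-style text summary line (assumed export format of the captures).
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def flows(text):
    """Yield (src_ip, dst_ip, dst_port, flags) for each parsable line."""
    for m in LINE.finditer(text):
        src, _sport, dst, dport, flags = m.groups()
        yield src, dst, int(dport), flags

def seen(text, client, port):
    """Return (syn_in, synack_out) for the client's TCP handshake."""
    syn = synack = False
    for src, dst, dport, flags in flows(text):
        if src == client and dport == port and flags == "S":
            syn = True
        elif dst == client and flags == "S.":
            synack = True
    return syn, synack

def diagnose(captures, client, port=22, lan="lan"):
    """captures: {interface name: capture text}; returns a one-line finding."""
    state = {name: seen(text, client, port) for name, text in captures.items()}
    wans = [n for n in state if n != lan]
    syn_wans = [n for n in wans if state[n][0]]
    if not syn_wans:
        return "SYN never reaches the MX: check upstream routing and which public IP is used"
    if not state[lan][0]:
        return f"SYN arrives on {syn_wans[0]} but is not forwarded: check the 1:1 NAT rule"
    if not state[lan][1]:
        return "server does not answer the SYN: check host-based firewall and sshd"
    back = [n for n in wans if state[n][1]]
    if not back:
        return "SYN-ACK seen on the LAN but on no uplink capture"
    if not set(back) & set(syn_wans):
        return f"asymmetric path: SYN in on {syn_wans[0]}, SYN-ACK out on {back[0]}"
    return "handshake crosses the MX in both directions"

# Constructed sample: client 198.51.100.7, public IP 203.0.113.10, server 10.0.0.5.
WAN2 = "10:00:01.000001 IP 198.51.100.7.51512 > 203.0.113.10.22: Flags [S], seq 1, win 64240, length 0\n"
LAN_DROP = "10:00:01.000105 IP 198.51.100.7.51512 > 10.0.0.5.22: Flags [S], seq 1, win 64240, length 0\n"
LAN_OK = LAN_DROP + "10:00:01.000300 IP 10.0.0.5.22 > 198.51.100.7.51512: Flags [S.], seq 9, ack 2, win 65160, length 0\n"
WAN1_BACK = "10:00:01.000400 IP 192.0.2.20.22 > 198.51.100.7.51512: Flags [S.], seq 9, ack 2, win 65160, length 0\n"

if __name__ == "__main__":
    print(diagnose({"wan1": "", "wan2": WAN2, "lan": LAN_DROP}, "198.51.100.7"))
    print(diagnose({"wan1": WAN1_BACK, "wan2": WAN2, "lan": LAN_OK}, "198.51.100.7"))
```

Take the captures on all three interfaces while one SSH attempt is made from the outside address, so the lines describe the same handshake.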