IOS - setting source IP for SSH

Chris Thomas

May 1, 2004, 8:36:45 PM
Many IOS IP commands (eg, telnet) by default generate packets with
the source address of the interface through which they are sending.
My "ISP" (UCLA central services) is refusing packets with a source IP
address of the department - backbone DMZ for security reasons. I have
found a number of commands that allow one to change the behavior to
that of using some other interface (eg, Loopback0) for generated
traffic.

However, I can't figure out how to fix outbound ssh. The logical
command would be IP SSH SOURCE-INTERFACE LOOPBACK0, but this command
isn't valid on my 6500 (12.2(17d)SXB) and I can't find anything on
CCO. I see a couple of hits in Google indicating this may be a valid
command on small Cisco routers.

Help ...?

/Chris, UCLA

Hansang Bae

May 2, 2004, 3:51:07 PM
In article <MPG.1afde279b...@news.mminternet.com>,
cth...@mminternet.com says...

If all else fails, just have route out through a loopback interface.
I.e. the exit interface now becomes the loopback.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

Chris Thomas

May 2, 2004, 4:29:13 PM
In article <MPG.1aff1b30...@news-server.nyc.rr.com>,
uo...@alp.ee.pbz says...

> In article <MPG.1afde279b...@news.mminternet.com>,
> cth...@mminternet.com says...
> > Many IOS IP commands (eg, telnet) by default generate packets with
> > the source address of the interface through which they are sending.
> > My "ISP" (UCLA central services) is refusing packets with a source IP
> > address of the department - backbone DMZ for security reasons. I have
> > found a number of commands that allow one to change the behavior to
> > that of using some other interface (eg, Loopback0) for generated
> > traffic.
> >
> > However, I can't figure out how to fix outbound ssh. The logical
> > command would be IP SSH SOURCE-INTERFACE LOOPBACK0, but this command
> > isn't valid on my 6500 (12.2(17d)SXB) and I can't find anything on
> > CCO. I see a couple of hits in Google indicating this may be a valid
> > command on small Cisco routers.
>
> If all else fails, just have route out through a loopback interface.
> I.e. the exit interface now becomes the loopback.

Hansang,
I'm not following what you are suggesting to try. Are you suggesting
a static route to Loopback0? Tnx.
/Chris

mh

May 2, 2004, 7:14:08 PM
Well, the IOS on the Cisco 1200 wireless access point supports the command
ip ssh source-interface

OURHOUSE-AP2(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  port                    Starting (or only) Port number to listen on
  rsa                     Configure RSA keypair name for SSH
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval


Surprising that the 6500 IOS does not...
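
An added example, not part of the thread: a small audit that reads a saved IOS configuration and reports which router-originated services are pinned to the expected source interface, which is what decides whether an upstream source-address filter like the one described in the first post accepts the traffic. The command list is this example's own selection, the sample configuration is constructed, and Loopback0 as the expected interface is taken from the thread.

```python
import re

# Global-config commands that pin the source of router-originated traffic.
# The list is this example's choice; availability varies by platform and
# release (the thread's 6500 on 12.2(17d)SXB rejects the SSH form).
PIN_COMMANDS = {
    "telnet": r"ip telnet source-interface (\S+)",
    "ssh": r"ip ssh source-interface (\S+)",
    "tftp": r"ip tftp source-interface (\S+)",
    "ntp": r"ntp source (\S+)",
    "syslog": r"logging source-interface (\S+)",
    "snmp-trap": r"snmp-server trap-source (\S+)",
}

# Constructed sample config; interfaces and addresses are made up.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
interface Vlan10
 ip address 198.51.100.2 255.255.255.252
!
ip telnet source-interface Loopback0
ip tftp source-interface Vlan10
logging source-interface Loopback0
ntp source Loopback0
"""

def interface_address(config, ifname):
    """Return the primary IPv4 address under `interface <ifname>`, or None."""
    in_block = False
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line opens or closes a block
            in_block = line.strip().lower() == f"interface {ifname}".lower()
        elif in_block and (m := re.match(r" +ip address (\S+) \S+\s*$", line)):
            return m.group(1)
    return None

def audit_source_pins(config, expected="Loopback0"):
    """Map each service to 'ok', 'missing' or 'wrong:<interface>'."""
    report = {}
    for service, pattern in PIN_COMMANDS.items():
        m = re.search(rf"^{pattern}\s*$", config, re.MULTILINE | re.IGNORECASE)
        if m is None:
            report[service] = "missing"  # traffic is sourced from the egress interface
        elif m.group(1).lower() == expected.lower():
            report[service] = "ok"
        else:
            report[service] = "wrong:" + m.group(1)
    return report
```

A "missing" result for ssh on a platform that rejects the command, as on the 6500 in this thread, marks the service that still leaves with the egress interface's address.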
