Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
526
Views
0
Helpful
1
Replies
Highlighted
stancu8
Beginner
Beginner
‎07-06-2020 02:38 AM
‎07-06-2020 02:38 AM

ACL C2911 problem

Hi,

I faced strange problem on my router 2911/K9. 

ACL deny ssh traffic with correct IP address.

When I look into my syslog I can see that ACL denied traffic form correct IP to various addresses which begin with 32.x.x.x, 31.x.x.x, 61.x.x.x etc.

 

Those addresses were not confiured anywhere. All my adresses start with 10.x.x.x.

 

In show access-list I can see that 1 packet is matching correct entry, but second is denied with this strange IP, which is different every single time.

 

IOS - 15.7(3)M6. 

 

Anyone faced same behaviour?

Labels:
0 Helpful
1 REPLY 1
Highlighted
julian.bendix
Beginner
Beginner
‎08-02-2020 03:40 AM
‎08-02-2020 03:40 AM

Hi!

Not sure if I understand you properly.

So you see in your Router's Logs that IP addresses from your internal network try to SSH to various public IPs and that seems to be denied by your router?

Best regards
Juls

0 Helpful
Latest Contents
CCIE Security and Practical Applications in Today’s Network:...
Created by Cisco Moderador on 10-29-2020 12:40 PM
0
10
0
10
Meet the Authors Event - CCIE Security and Practical Applications in Today’s Network: Zero Trust (Live event – Thursday, 29th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 6:00 p.m. Paris) This event had place on Thursday 29th, October 2020 at 10hrs P... view more
Get more with Firepower 6.6.1 – Cisco’s latest suggested rel...
Created by csaxena on 10-27-2020 03:28 PM
0
15
0
15
Get more with Firepower 6.6.1 – Cisco’s latest suggested release The latest suggested release for Firepower delivers a Modernized UI, faster eventing, improved usability, and compatibility with the Cisco SecureX platform   In September 2020, Cisco of... view more
ISE pxGrid General Information & FAQ
Created by Jason Kunst on 10-27-2020 01:04 PM
0
0
0
0
This is a work in progress. I will be working as the SME for pxGrid to update some questions, answers and general information here as time permits. In my setup I see pending approvals under Web clients but also All Client? In pxGrid 1.0, we have “Dynam... view more
AWS ASAv Unable to login in - key exchange method not found.
Created by RohitGupta857 on 10-26-2020 03:35 PM
8
0
8
0
I am not able to login to the ASAv device on AWS. I get the following message when I try from another EC2 (ubuntu 16.04) no matching key exchange method found. Their offer: diffie-hellman-group14-sha256 When I try from my Mac - I just get n... view more
Adding a disclaimer to indicate TLS successful outbound.
Created by Tony Kilbarger on 10-26-2020 11:09 AM
0
0
0
0
Question.  Our legal folks have asked if it is possible to add a footer to outbound email if it went out via TLS.  So if it successfully negotiates TLS, can we add a footer that says "Sent successfully via TLS 1.2".  Is this possible? ... view more
Content for Community-Ad

This widget could not be displayed.