12-26-2014 03:43 PM - edited 03-05-2019 12:27 AM
Hello all from Denmark :)
I want to block SSH on my WAN port, so that no one can access my router from the outside.
Everybody says to make an access-list and apply it on the vty lines. But I think I found a good way to block it without making an access-list on the vty lines.
I did:
ip access-list extended DENIED_SSH_ACCESS
 deny tcp any host MY_INTERNAL_IP eq 22
 permit ip any any
And then applied it on my WAN interface:
interface fastethernet 4
 ip access-group DENIED_SSH_ACCESS in
If I use my port scanner, port 22 won't show as open, which I think is a good thing to protect my network. But if I make an access-list on the vty lines allowing only my local network to access and denying everything else, my port scanner will show port 22 as open. I have used my 4G internet connection from my iPhone to test this and it works.
Is there any problem using my method instead of using an access-list on the vty lines?
Hope you understand my question, my writing skills in English suck a bit and I am training for my CCNA Routing and Switching certification! :)
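The two approaches compared in the post, side by side, as an added example that is not part of the original post. The 192.168.1.0/24 local network, ACL number 10 and the vty range 0 4 are assumptions; MY_INTERNAL_IP is the post's own placeholder.

```cisco
! --- Approach from the post: filter at the WAN interface ---------------
! The deny entry matches only IPv4 TCP/22 addressed to MY_INTERNAL_IP and
! only on traffic entering FastEthernet4. SSH to any other address the
! router owns, or arriving on another interface, falls through to
! "permit ip any any".
ip access-list extended DENIED_SSH_ACCESS
 deny   tcp any host MY_INTERNAL_IP eq 22
 permit ip any any
!
interface FastEthernet4
 ip access-group DENIED_SSH_ACCESS in
!
! --- Approach the post says everybody recommends: restrict the vty lines
! access-class is checked for management sessions to the router itself,
! whichever interface or router address they arrive on. Only the assumed
! local network is permitted; the implicit deny rejects everything else.
! The port still answers a scan, as the post observes.
access-list 10 permit 192.168.1.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
```

The two are independent checks and can be configured together: the interface ACL drops matching packets at the edge, and the vty access-class still applies to any SSH session the interface ACL does not match.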