Basic ACL giving me trouble - 2620 router block SSH from outside

averheaghe
Level 1

We have an old 2620 router that acts as an Internet router at one of our sites. Currently it only accepts SSH connections. We want to block SSH from the outside, and only allow management from inside the network. I have tried an ACL that denies SSH and permits TCP any on the inbound serial interface, but it stops all traffic.

How can I limit mgmt of the router to only internal?

Thanks,

Andy

1 Reply 1

gatlin007
Level 4

This ACL should not go on an interface. This ACL should be installed on the VTY lines.

For example, if you only want to allow SSH access from 10.10.10.0/24, try the following. This applies to all VTY access; for instance, if you also allow Telnet, it would apply to that as well.

access-list 82 remark *** Protect VTY ***
access-list 82 permit 10.10.10.0 0.0.0.255

line vty 0 4
access-class 82 in
exit


Chris
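
One way to check a saved configuration for the arrangement described in the reply above: every VTY range bound to an inbound access-class whose ACL permits only inside sources. This is an added example, not part of the original thread; the function names, the constructed sample config and the choice of 10.10.10.0/24 as the "internal" range are assumptions, and it reads standard numbered ACLs only, ignoring deny lines.

```python
import ipaddress
import re

# Constructed sample (not a real device): the reply's ACL, plus an unprotected range.
SAMPLE_CONFIG = """\
access-list 82 remark *** Protect VTY ***
access-list 82 permit 10.10.10.0 0.0.0.255
line vty 0 4
 access-class 82 in
line vty 5 15
"""

def wildcard_network(addr, wildcard="0.0.0.0"):
    """IOS address + wildcard mask -> network, or None if the mask is non-contiguous."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a usable wildcard is a single run of trailing 1 bits
        return None
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def permitted_sources(config):
    """Map standard ACL number (1-99, 1300-1999) -> networks its permit lines allow."""
    acls = {}
    pattern = r"^\s*access-list (\d{1,2}|1[3-9]\d\d) permit\s+(.+)$"
    for num, rest in re.findall(pattern, config, re.M):
        # Normalise "any" and "host A" to the plain "A [WILDCARD]" form.
        rest = rest.replace("any", "0.0.0.0 255.255.255.255").replace("host ", "")
        words = [t for t in rest.split() if t != "log"]
        acls.setdefault(num, []).append(wildcard_network(*words[:2]))
    return acls

def audit_vty(config, internal):
    """List VTY ranges whose inbound access-class is missing, empty or too broad."""
    acls, blocks, current = permitted_sources(config), {}, None
    for s in map(str.strip, config.splitlines()):
        if s.startswith("line ") or s in ("!", "exit", "end"):
            current = s if s.startswith("line vty") else None
            if current:
                blocks[current] = None
        elif current and (m := re.match(r"access-class (\d+) in\b", s)):
            blocks[current] = m.group(1)
    findings = []
    for name, acl in blocks.items():
        nets = acls.get(acl, [])
        if not nets:
            why = f"ACL {acl} has no permit lines" if acl else "no inbound access-class"
            findings.append(f"{name}: {why}")
        for net in nets:
            if net is None or not any(net.subnet_of(i) for i in internal):
                findings.append(f"{name}: ACL {acl} permits {net or 'unparsed wildcard'}")
    return findings
```

Calling `audit_vty(SAMPLE_CONFIG, [ipaddress.ip_network("10.10.10.0/24")])` reports only the `line vty 5 15` range, which has no access-class applied.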
