site to site connectivity between branch and HO

mahesh.katariya
Level 1

The HO router is getting SSH requests from outside, so I want to block SSH traffic from outside, but I want to allow SSH traffic from the branch side and the tunnel between branch and HO. How do I configure an ACL on the HO router so that I block SSH traffic from outside but the branch gets SSH access to the HO router?

 

Kindly suggest a reference ACL configuration.


Hello
You could possibly utilise MPP (management plane protection) to specify what interface allows what mgt protocol.

example:
conf t
control-plane 
management-plane
allow xxx interface xxxx
commit

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mahesh.katariya
Level 1

I want to configure an ACL, so how can I configure it?

 

 

I am configuring a reference ACL as:

ip access-list extended ssh_block
 permit tcp tunnel_ip of branch WAN_IP_OF_HO eq 22
 deny tcp any WAN_IP_HO eq 22
 permit ip any any

! WAN link is connected on this interface
int eth0/0
 ip access-group ssh_block in

 

Is my ACL correct or not?

Hello
If it's internal to the rtr, then apply the ACL ingress on the physical interface. However, if you want to negate SSH directly to the WAN rtr itself, then apply it to the vty lines.

Lastly, your ACL does look correct.



Kind Regards
Paul
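
The vty-line option mentioned in the reply above, written out as an added example that is not part of any post in this thread. It filters on source address at the vty lines, so it covers SSH to every address on the HO router, not only the WAN IP. The ACL name, the addresses and the vty range are assumptions made for illustration.

```cisco
! Added example, not from the thread.
! SSH_FROM_BRANCH, 10.255.0.2 and 192.168.20.0/24 are constructed placeholders.
ip access-list standard SSH_FROM_BRANCH
 remark branch end of the HO-branch tunnel (constructed address)
 permit host 10.255.0.2
 remark branch LAN reached through the tunnel (constructed subnet)
 permit 192.168.20.0 0.0.0.255
 remark everything else, including Internet sources, is refused and logged
 deny   any log
!
! vty range 0 4 is an assumption; repeat for any other vty range on the router
line vty 0 4
 access-class SSH_FROM_BRANCH in
 transport input ssh
!
! Verify: per-entry match counters show which sources are permitted or denied
! show access-lists SSH_FROM_BRANCH
```

Apply the same access-class to every vty range configured on the router (for example 5 15); a range left without it still accepts SSH from any source.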