Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1962
Views
0
Helpful
3
Replies

Access List for blocking External IP

techguy
Level 4
Level 4

‎10-15-2011 01:41 AM - edited ‎02-21-2020 04:29 AM

Hi,

Can I block external access to my router from telnetting/sshing?  I mean to say if telco gave me public ip address (either via static or dynamic) on my wan port. How can I restrict anyone to access my router by that public ip address. Thanks

0 Helpful
3 Replies 3

smitesh kharecha
Level 5
Level 5

‎10-15-2011 03:44 AM

Just create a access-list, which only allows known IP address to login to the device and apply it to line vty 0 4.

HTH,

Smitesh

0 Helpful

techguy
Level 4
Level 4
In response to smitesh kharecha

‎10-15-2011 10:46 AM

what do you mean by known ip address?. I think it must be a single deny command (explicitly or implicitly) on vty terminals

0 Helpful

smitesh kharecha
Level 5
Level 5
In response to techguy

‎10-15-2011 08:55 PM

Hi,

As for emergency situtation (for example, you want to access router, but you are at home) you might want to keep certain IP's allowed rather than blocking everything.

Regards,

Smitesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card