ACL on dynamic IP address

network770
Level 1

We have a Cisco 800 router facing the Internet and the public IP is given dynamically from the ISP, so it's subject to change.

We need to have ACLs that only allow specific sites to access the 800 from the outside, but the problem is that we cannot lock down the ACL to a specific public IP, as it changes every so many months. Is there a workaround for this?


paolo bevilacqua
Hall of Fame

Define "access the 800", please?

Sorry for my ambiguity...

I meant management access using SSH.

So we are looking to have ACLs on the Cisco 800 router such as:

access-list 100 permit ip host host eq 22

and apply this to the Internet-facing interface, but the problem is that we cannot hard-code the Cisco 800 public IP address, as it changes given that it is DHCP.

So how do we restrict management access to the router based on the IP address if it is not static?

Configure a standard (not extended) ACL, and apply it as access-class under vty.

Can you send me an example, please?

So let's say I am looking to manage this router (SSH) from 1.1.1.0/24 (which is a different site over the Internet)

and the Cisco 800 router's dynamic IP address is 2.2.2.2, but that could change in a month's time.

What is the config like?

Hi,

Can you try the below.

access-list 100 permit ip host any eq 22

line vty 0 4

access-class 100 in

hth

Muammer
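
An added example, not posted by anyone in this thread: the standard ACL applied as access-class under the vty lines, as recommended above, using the 1.1.1.0/24 management network from the question. The ACL number 10 and the vty range 0 4 are assumptions; because an access-class with a standard ACL matches only the source of the incoming session, the router's changing public address never appears in the configuration.

```cisco
! Added example. ACL number 10 and the vty range are assumptions.
! A standard ACL matches the SOURCE address only, so the router's own
! DHCP-assigned public address does not need to be known.
access-list 10 remark SSH management sources
access-list 10 permit 1.1.1.0 0.0.0.255
! Explicit deny with logging, so rejected attempts show up in the log
access-list 10 deny   any log
!
line vty 0 4
 ! Filter incoming vty sessions by source, whichever interface they arrive on
 access-class 10 in
 ! Accept SSH only, no Telnet
 transport input ssh
!
! If the running config shows further vty lines beyond 0 4, apply the same
! access-class there too; a vty line without it stays unfiltered.
```

After a test login from the permitted network and one from elsewhere, `show access-lists 10` shows the match counters for the permit and deny entries.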