Attacks by Telnet

oscar.cuevas1
Level 1

I am getting attacks by telnet and I don't know how to stop them.

These are the logs:

T_MODE_ON: Still timeleft for watching failures is 1 secs, [user: root] [Source: 93.155.246.71] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 15:59:07 CST Tue Jun 28 2016
[syslog@9 s_sn="25680" s_tc="225243"]: *Jun 28 15:59:27: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 89.80.36.3] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 15:59:27 CST Tue Jun 28 2016
[syslog@9 s_sn="25681" s_tc="225301"]: *Jun 28 16:23:12: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 85.172.10.32] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:23:12 CST Tue Jun 28 2016
[syslog@9 s_sn="25682" s_tc="225302"]: *Jun 28 16:23:38: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 218.253.242.146] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:23:38 CST Tue Jun 28 2016
[syslog@9 s_sn="25683" s_tc="225304"]: *Jun 28 16:51:07: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 1 secs, [user: root] [Source: 220.132.69.225] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:51:07 CST Tue Jun 28 2016
[syslog@9 s_sn="25684" s_tc="225305"]: *Jun 28 16:51:07: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 190.188.7.32] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:51:07 CST Tue Jun 28 2016
[syslog@9 s_sn="25685" s_tc="225306"]: *Jun 28 16:51:12: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 95.70.201.83] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:51:12 CST Tue Jun 28 2016
[syslog@9 s_sn="25686" s_tc="225307"]: *Jun 28 16:51:20: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 179.221.112.118] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 16:51:20 CST Tue Jun 28 2016
[syslog@9 s_sn="25687" s_tc="225515"]: *Jun 28 18:06:48: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 190.253.86.237] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:06:48 CST Tue Jun 28 2016
[syslog@9 s_sn="25688" s_tc="225516"]: *Jun 28 18:06:53: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 116.102.31.75] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:06:53 CST Tue Jun 28 2016
[syslog@9 s_sn="25689" s_tc="225517"]: *Jun 28 18:07:14: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: admin] [Source: 50.250.122.33] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:07:14 CST Tue Jun 28 2016
[syslog@9 s_sn="25690" s_tc="225518"]: *Jun 28 18:07:27: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 31.25.129.116] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:07:27 CST Tue Jun 28 2016
[syslog@9 s_sn="25691" s_tc="225615"]: *Jun 28 18:22:03: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: asicre] [Source: 189.202.52.29] [localport: 443] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:22:03 CST Tue Jun 28 2016
[syslog@9 s_sn="25692" s_tc="225754"]: *Jun 28 19:04:10: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 1 secs, [user: root] [Source: 111.185.236.127] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 19:04:10 CST Tue Jun 28 2016
[syslog@9 s_sn="25693" s_tc="225755"]: *Jun 28 19:04:25: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 39.184.168.73] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 19:04:25 CST Tue Jun 28 2016
[syslog@9 s_sn="25694" s_tc="225937"]: *Jun 28 20:02:23: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 130.204.194.228] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:23 CST Tue Jun 28 2016
[syslog@9 s_sn="25695" s_tc="225938"]: *Jun 28 20:02:39: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 94.98.62.106] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:39 CST Tue Jun 28 2016
[syslog@9 s_sn="25696" s_tc="225939"]: *Jun 28 20:02:39: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 94.98.62.106] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:39 CST Tue Jun 28 2016
[syslog@9 s_sn="25697" s_tc="225940"]: *Jun 28 20:02:47: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: admin] [Source: 78.188.167.34] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:47 CST Tue Jun 28 2016
[syslog@9 s_sn="25698" s_tc="226053"]: *Jun 28 20:45:38: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: admin] [Source: 94.178.104.172] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:45:38 CST Tue Jun 28 2016
[syslog@9 s_sn="25699" s_tc="226164"]: *Jun 28 21:07:23: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 2 secs, [user: root] [Source: 24.23.197.68] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:07:23 CST Tue Jun 28 2016
[syslog@9 s_sn="25700" s_tc="226193"]: *Jun 28 21:07:45: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 109.67.143.15] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:07:45 CST Tue Jun 28 2016
[syslog@9 s_sn="25701" s_tc="226194"]: *Jun 28 21:07:46: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 109.67.143.15] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:07:46 CST Tue Jun 28 2016
[syslog@9 s_sn="25702" s_tc="226224"]: *Jun 28 21:33:31: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 108.188.206.193] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:33:31 CST Tue Jun 28 2016
[syslog@9 s_sn="25703" s_tc="226225"]: *Jun 28 21:33:50: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 200.138.66.37] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:33:50 CST Tue Jun 28 2016

Thanks for your help!
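As an added example that is not part of the original post: a small parser for the %SEC_LOGIN quiet-mode lines above that aggregates the logged failures by source address, username and local port, and applies a rate rule of the same shape as the router's `login block-for <seconds> attempts <n> within <seconds>`. The sample lines are copied from the post (including the truncated first line, to show that lines without the full message are reported rather than silently dropped); the field names, dataclass and function names are my own.

```python
"""Parse Cisco IOS %SEC_LOGIN quiet-mode syslog lines and summarize failed logins."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: eight lines copied from the post above. The first is the
# truncated line exactly as it appears there, to exercise the unparsed-line path.
SAMPLE_LOG = """\
T_MODE_ON: Still timeleft for watching failures is 1 secs, [user: root] [Source: 93.155.246.71] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 15:59:07 CST Tue Jun 28 2016
[syslog@9 s_sn="25680" s_tc="225243"]: *Jun 28 15:59:27: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 89.80.36.3] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 15:59:27 CST Tue Jun 28 2016
[syslog@9 s_sn="25691" s_tc="225615"]: *Jun 28 18:22:03: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: asicre] [Source: 189.202.52.29] [localport: 443] [Reason: Login Authentication Failed] [ACL: TELNET] at 18:22:03 CST Tue Jun 28 2016
[syslog@9 s_sn="25695" s_tc="225938"]: *Jun 28 20:02:39: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 94.98.62.106] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:39 CST Tue Jun 28 2016
[syslog@9 s_sn="25696" s_tc="225939"]: *Jun 28 20:02:39: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 94.98.62.106] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:39 CST Tue Jun 28 2016
[syslog@9 s_sn="25697" s_tc="225940"]: *Jun 28 20:02:47: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: admin] [Source: 78.188.167.34] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 20:02:47 CST Tue Jun 28 2016
[syslog@9 s_sn="25700" s_tc="226193"]: *Jun 28 21:07:45: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 109.67.143.15] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:07:45 CST Tue Jun 28 2016
[syslog@9 s_sn="25701" s_tc="226194"]: *Jun 28 21:07:46: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: root] [Source: 109.67.143.15] [localport: 23] [Reason: Login Authentication Failed] [ACL: TELNET] at 21:07:46 CST Tue Jun 28 2016
"""

# Field layout of the message as it appears in the post; the severity and
# mnemonic are required so a truncated line is not mistaken for a full event.
LINE_RE = re.compile(
    r"%SEC_LOGIN-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+): .*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<source>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\] \[Reason: (?P<reason>[^\]]+)\] "
    r"\[ACL: (?P<acl>[^\]]+)\] at (?P<time>\d\d:\d\d:\d\d) (?P<tz>\S+) "
    r"(?P<date>[A-Za-z]{3} [A-Za-z]{3} \d{1,2} \d{4})\s*$"
)


@dataclass(frozen=True)
class LoginEvent:
    mnemonic: str
    user: str
    source: str
    localport: int
    reason: str
    acl: str
    when: datetime  # router-local wall clock; the zone label is kept separately
    tz: str


def parse_log(text):
    """Return (events, unparsed_lines); non-empty lines that do not carry the
    full %SEC_LOGIN message are returned in unparsed_lines for inspection."""
    events, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            if line.strip():
                unparsed.append(line)
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%a %b %d %Y %H:%M:%S")
        events.append(LoginEvent(m["mnemonic"], m["user"], m["source"], int(m["port"]),
                                 m["reason"], m["acl"], when, m["tz"]))
    return events, unparsed


def summarize(events):
    """Counts per source address, per username and per local (destination) port."""
    return {
        "by_source": Counter(e.source for e in events),
        "by_user": Counter(e.user for e in events),
        "by_port": Counter(e.localport for e in events),
    }


def repeat_sources(events, min_hits=2):
    """Sources logged at least min_hits times, most active first, as (source, count)."""
    counts = Counter(e.source for e in events)
    hits = [(src, n) for src, n in counts.items() if n >= min_hits]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


def sources_exceeding(events, attempts, within_seconds):
    """Sources with `attempts` logged failures inside any window of `within_seconds`,
    the same shape of rule as IOS `login block-for ... attempts N within S`."""
    by_src = {}
    for e in events:
        by_src.setdefault(e.source, []).append(e.when)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - attempts + 1):
            if (times[i + attempts - 1] - times[i]).total_seconds() <= within_seconds:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOG)
    print(f"parsed {len(evs)} events, {len(bad)} unparsed line(s)")
    for key, counter in summarize(evs).items():
        print(key, counter.most_common())
    print("repeat sources:", repeat_sources(evs))
    print("2 failures within 3 s:", sources_exceeding(evs, 2, 3))
```

Run against the full log in the post, the per-source counts are almost all 1 or 2 while the per-user count is dominated by `root`, which is the usual shape of distributed credential guessing: a per-host deny list will not keep up with the rotating sources, so the useful control is restricting which sources may reach the vty lines at all, as the first reply below suggests. The `[localport: 443]` entry is kept as an ordinary event so that non-telnet login failures are not lost in the summary.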

4 Replies

Reza Sharifi
Hall of Fame

You need to deploy an access list on the interface to block it.

Reza

I have this ACL.

Extended IP access list TELNET
5 deny ip host 185.92.72.32 any
6 deny ip host 188.0.236.138 any
7 deny tcp any eq www any
8 deny tcp any any eq www
9 deny tcp any any eq telnet (607 matches)
11 deny tcp any eq telnet any
12 deny tcp any eq 443 any
13 deny tcp any any eq 443
14 permit ip 148.245.131.0 0.0.0.255 any
20 permit ip 148.243.34.0 0.0.0.255 any
30 permit ip 148.233.175.0 0.0.0.15 any
40 permit ip 187.141.32.112 0.0.0.15 any
50 permit ip host 187.141.32.126 any
55 permit tcp host 189.205.237.63 any (18 matches)
56 permit tcp host 187.167.215.117 any
60 permit ip host 10.0.0.18 any (8 matches)
70 permit ip host 148.233.175.197 any
80 permit ip host 10.0.3.1 any (66 matches)
90 permit ip host 187.242.255.26 any (6 matches)

but I wish to mitigate the attacks.
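As an added example that is not part of the thread, and to make the access-list advice in the first reply concrete: a small evaluator that parses IOS extended ACL lines of the kind shown above and walks them with standard first-match semantics (first matching entry decides, implicit deny at the end). The ACL lines are a subset of the `show access-lists` output posted above; the router's own address is a placeholder because the post redacts its interface addresses, and the function and dataclass names are my own.

```python
"""Walk a Cisco IOS extended ACL with first-match semantics (implicit deny at the end)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample: a subset of the `show access-lists` output posted above.
ACL_TEXT = """\
Extended IP access list TELNET
5 deny ip host 185.92.72.32 any
7 deny tcp any eq www any
8 deny tcp any any eq www
9 deny tcp any any eq telnet (607 matches)
11 deny tcp any eq telnet any
12 deny tcp any eq 443 any
13 deny tcp any any eq 443
14 permit ip 148.245.131.0 0.0.0.255 any
55 permit tcp host 189.205.237.63 any (18 matches)
60 permit ip host 10.0.0.18 any (8 matches)
80 permit ip host 10.0.3.1 any (66 matches)
"""
ROUTER_IP = "192.0.2.1"  # placeholder: the post redacts the router's interface addresses

PORT_NAMES = {"www": 80, "telnet": 23, "ssh": 22, "ftp": 21, "smtp": 25, "domain": 53}

Net = Tuple[int, int]  # (address, wildcard) as 32-bit ints; 0 bits in the wildcard must match


@dataclass
class Entry:
    seq: Optional[int]
    action: str          # "permit" or "deny"
    proto: str           # "ip" matches every protocol
    src: Net
    sport: Optional[int]
    dst: Net
    dport: Optional[int]


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2


def _port(tokens, i):
    """Parse an optional 'eq <name|number>' at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return (int(name) if name.isdigit() else PORT_NAMES[name]), i + 2
    return None, i


def parse_acl(text):
    entries = []
    for raw in text.splitlines():
        tokens = re.sub(r"\(\d+ matches\)", "", raw).split()  # drop hit counters
        if not tokens:
            continue
        seq = None
        if tokens[0].isdigit():
            seq, tokens = int(tokens[0]), tokens[1:]
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # header line such as "Extended IP access list TELNET"
        action, proto = tokens[0], tokens[1]
        src, i = _addr(tokens, 2)
        sport, i = _port(tokens, i)
        dst, i = _addr(tokens, i)
        dport, i = _port(tokens, i)
        entries.append(Entry(seq, action, proto, src, sport, dst, dport))
    return entries


def _matches(ip: int, net: Net) -> bool:
    addr, wild = net
    return ((ip ^ addr) & (~wild & 0xFFFFFFFF)) == 0


def evaluate(entries, src_ip, dst_ip, proto="tcp", sport=None, dport=None):
    """Return (action, entry) for the first matching entry; ("deny", None) is the implicit deny."""
    s, d = _ip(src_ip), _ip(dst_ip)
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not (_matches(s, e.src) and _matches(d, e.dst)):
            continue
        if e.sport is not None and e.sport != sport:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for src, dport in [("93.155.246.71", 23), ("10.0.0.18", 23), ("10.0.0.18", 22), ("93.155.246.71", 22)]:
        action, hit = evaluate(acl, src, ROUTER_IP, "tcp", 51234, dport)
        print(f"{src:>15} -> port {dport}: {action} (entry {hit.seq if hit else 'implicit deny'})")
```

Under the modelled semantics the evaluator shows two things worth checking on the real list: the `deny tcp any any eq telnet` entry (sequence 9) sits ahead of every `permit`, so no source in the permit entries can ever be permitted a telnet session by this ACL, while SSH (port 22) from a permitted host such as 10.0.0.18 reaches entry 60 and is permitted, and SSH from an unlisted source falls through to the implicit deny. The evaluator models ordinary packet-filter ACL semantics only; how IOS applies the port fields of an extended ACL when it is used with `access-class` on vty lines or with `login quiet-mode access-class` should be confirmed against the platform documentation before relying on the result.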

What interface is the access list applied to?

Can you provide "sh run" from the router?

Building configuration...

Current configuration : 16148 bytes
!
! Last configuration change at 10:08:18 CST Fri Jul 1 2016 by vbernal
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname VNRO-CON-01
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.152-3.T4.bin
boot-end-marker
!
!

!
aaa new-model
!
!
aaa group server radius CON-IAS
server 10.0.2.55 auth-port 1812
server 10.0.2.56 auth-port 1812
!
aaa authentication login default local
aaa authentication login RADIUS-CON group CON-IAS
aaa authentication login userAuth group CON-IAS
aaa authorization exec default local
aaa authorization network groupauthor local
aaa authorization network RADIUS-CON group CON-IAS
aaa accounting session-duration ntp-adjusted
aaa accounting network default
action-type stop-only
group CON-IAS
!
aaa accounting resource default
action-type start-stop-failure
group CON-IAS
!
!
!
!
!
!
aaa session-id common
!
clock timezone CST -6 0
clock summer-time CST recurring 1 Sun Apr 2:00 last Sun Oct 2:00
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name construmac.com
ip cef
login block-for 1200 attempts 3 within 3
login delay 3
login quiet-mode access-class TELNET
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed
enrollment selfsigned
subject-name cn=TP-self-signed
revocation-check none
rsakeypair TP-self-signed
!
!
crypto pki certificate chain TP-self-signed

license udi pid CISCO2911/K9 sn FTX1445A11P

redundancy
!
!
!
!
!
ip tcp synwait-time 15
ip telnet source-interface GigabitEthernet0/0
ip ftp username mileniumkid
ip ftp password 7 1016581C0716460D5A5C2E
ip ssh time-out 50
ip ssh source-interface Multilink2
ip ssh version 2
!
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-3.1.05152-k9.pkg sequence 1
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group construmac
key VPNcon102030!
dns 10.0.2.55 10.0.2.56
wins 10.0.2.55 10.0.2.56
domain construmac.com
pool VPN-POOL
acl ALLOW-IP
max-logins 10
netmask 255.255.255.0
!

!
!
crypto ipsec transform-set set-construmac esp-aes esp-sha-hmac
mode tunnel
crypto ipsec transform-set lannet esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto dynamic-map lannet 2
set transform-set lannet
!
crypto dynamic-map map-construmac 1
set transform-set set-construmac

interface Loopback0
ip address 10.1.94.1 255.255.255.0
!
interface Multilink2
bandwidth 10000
ip address
ip accounting output-packets
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
load-interval 60
no peer neighbor-route
no peer default ip address
ppp multilink
ppp multilink interleave
ppp multilink group 2
no cdp enable
crypto map clientmap
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description CONEXION CON 4500
ip address
ip access-group GIG0/0 out
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip verify unicast source reachable-via rx allow-default
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description CONEXCION CON FIREWALL
ip address
ip accounting output-packets
ip nbar protocol-discovery
ip flow ingress
ip flow egress
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/1/0
bandwidth 4000
no ip address
encapsulation ppp
load-interval 60
no peer neighbor-route
no peer default ip address
ppp multilink
ppp multilink group 2
ppp multilink multiclass
down-when-looped
clock rate 4000000
no cdp enable
!
interface Serial0/3/0
bandwidth 4000
no ip address
encapsulation ppp
load-interval 60
no peer neighbor-route
no peer default ip address
ppp multilink
ppp multilink group 2
ppp multilink multiclass
down-when-looped
clock rate 4000000
no cdp enable
!
interface Serial0/3/1
bandwidth 4000
no ip address
encapsulation ppp
load-interval 60
no peer neighbor-route
no peer default ip address
ppp multilink
ppp multilink group 2
ppp multilink multiclass
down-when-looped
clock rate 4000000
no cdp enable
!
interface Virtual-Template1
ip unnumbered Multilink2
!
ip local pool VPN-POOL
ip local pool SVC-POOL
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export template options export-stats
ip flow-export interface-names
ip flow-export destination 192.168.3.14 9995
!
ip nat inside source static 192.167.200.1 201.144.204.9
ip route 0.0.0.0 0.0.0.0 10.0.0.18
ip route 10.0.1.0 255.255.255.128 10.0.0.10
ip route 10.0.2.0 255.255.255.0 10.0.0.10
ip route 10.0.3.0 255.255.255.0 10.0.0.10
ip route 10.0.5.0 255.255.255.0 10.0.0.10
ip route 10.1.10.0 255.255.255.0 10.0.0.10
ip route 10.1.30.0 255.255.255.0 10.0.0.10
ip route 10.1.40.0 255.255.255.0 10.0.0.10
ip route 10.1.41.0 255.255.255.0 10.0.0.10
ip route 10.1.50.0 255.255.255.0 10.0.0.10
ip route 10.1.90.0 255.255.255.0 10.0.0.10
ip route 10.1.100.0 255.255.255.0 10.0.0.10
ip route 192.168.0.0 255.255.0.0 10.0.0.10
!
ip access-list standard SNMP
permit 192.168.3.14
!
ip access-list extended ALLOW-IP
permit ip 10.0.2.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.0.0.8 0.0.0.7 10.1.92.0 0.0.0.255
permit ip 10.1.0.0 0.0.255.255 10.1.92.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 10.1.92.0 0.0.0.255
permit ip host 10.100.12.15 10.1.92.0 0.0.0.255
permit ip host 10.100.10.136 10.1.92.0 0.0.0.255
ip access-list extended ALLOW-IP-LANNET
permit ip 10.1.100.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.0.3.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.0.1.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.1.0.0 0.0.255.255 10.1.92.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.0.2.0 0.0.0.255 10.1.92.0 0.0.0.255
permit ip 10.100.10.0 0.0.0.255 any
permit ip 10.100.12.0 0.0.0.25 any
ip access-list extended DMZ-VPN
permit ip 10.1.92.0 0.0.0.255 any
permit ip 10.0.0.16 0.0.0.7 any
permit ip 10.0.0.8 0.0.0.7 any
ip access-list extended GIG0/0
deny ip 127.0.0.0 0.0.0.255 any
deny ip 255.255.255.0 0.0.0.255 any
permit ip 10.1.94.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.0.1.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.0.3.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.0.2.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.0.5.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.1.30.0 0.0.0.255
permit ip 10.1.94.0 0.0.0.255 10.1.100.0 0.0.0.255
permit ip 10.1.92.0 0.0.0.255 any
permit ip 10.1.94.0 0.0.0.255 any
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended GIG0/0-IN
permit ip 192.168.3.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.0.1.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.0.2.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.0.3.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.0.5.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip 10.1.100.0 0.0.0.255 10.1.94.0 0.0.0.255
permit ip any any
ip access-list extended TELNET

deny tcp any eq www any
deny tcp any any eq www
deny tcp any any eq telnet
deny tcp any eq telnet any
deny tcp any eq 443 any
deny tcp any any eq 443
permit ip 148.245.131.0 0.0.0.255 any
permit ip 148.243.34.0 0.0.0.255 any
permit ip 148.233.175.0 0.0.0.15 any
permit ip 187.141.32.112 0.0.0.15 any
permit ip host 187.141.32.126 any
permit tcp host 189.205.237.63 any
permit tcp host 187.167.215.117 any
permit ip host 10.0.0.18 any
permit ip host 148.233.175.197 any
permit ip host 10.0.3.1 any
permit ip host 187.242.255.26 any
!
ip sla responder tcp-connect ipaddress 10.0.2.40 port 1433
ip sla 1
icmp-echo 10.0.2.40 source-ip 10.0.1.125
verify-data
frequency 10
history statistics-distribution-interval 10
logging source-interface GigabitEthernet0/0
logging 10.0.3.1
access-list 1 permit 10.0.3.1
!
!
snmp-server community SmartCare RW 1
snmp-server community construmac RO SNMP
snmp-server ifindex persist
snmp-server location Construmac Naucalpan
snmp-server contact hibanez@construmac.com
snmp-server enable traps entity-sensor threshold
snmp-server enable traps mvpn
snmp-server enable traps cpu threshold
snmp-server enable traps ipsec too-many-sas
snmp-server host 10.0.3.1 version 2c SmartCare aaa_server memory cpu syslog firewall
radius-server host 10.0.2.56 auth-port 1812 key 7 112A160B04061919092B2876786260
radius-server host 10.0.2.55 auth-port 1812 key 7 0130090A481F141A2C4D4D5B495442
radius-server key 7 0625002F5F5A1B0C081611595C557F

line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 3
access-class TELNET in
exec-timeout 2 0
privilege level 7
transport input telnet ssh
line vty 4
access-class TELNET in
exec-timeout 0 0
privilege level 7
transport input telnet ssh
line vty 5 15
access-class TELNET in
exec-timeout 0 0
privilege level 7
transport input telnet ssh
!
exception memory ignore overflow processor
exception memory ignore overflow io
exception crashinfo maximum files 5
scheduler allocate 20000 1000
ntp server 209.167.68.100 prefer source Multilink2
!
!
webvpn gateway GW-01
hostname vpn
ip address 10.0.0.17 port 443
ssl trustpoint TP-self-signed
inservice
!
webvpn context VPN-01
!
policy group VPN-01
functions svc-enabled
timeout idle 43200
timeout session 43200
svc address-pool "SVC-POOL" netmask 255.255.255.0
svc default-domain "construmac.com"
svc keep-client-installed
svc dpd-interval client 2000
svc dpd-interval gateway 30
svc rekey method new-tunnel
svc split include 192.168.3.0 255.255.255.0
svc split include 10.0.0.0 255.255.255.0
svc split include 10.0.1.0 255.255.255.128
svc split include 10.0.3.0 255.255.255.0
svc split include 10.0.1.0 255.255.255.0
svc split include 10.0.2.0 255.255.255.0
svc split include 10.1.100.0 255.255.255.0
svc split include 10.0.1.240 255.255.255.252
svc split include 10.0.1.244 255.255.255.252
svc split include 10.0.5.0 255.255.255.0
svc split include 10.1.30.0 255.255.255.0
svc split include 10.1.10.0 255.255.255.0
svc dns-server primary 10.0.2.55
svc dns-server secondary 10.0.2.56
svc wins-server primary 10.0.2.55
svc wins-server secondary 10.0.2.56
virtual-template 1
default-group-policy VPN-01
aaa authentication list userAuth
gateway GW-01
!
ssl encryption aes-sha1
ssl authenticate verify all
inservice
!
end
