I just set up my Cisco 851 router for my home network. Things are working. I would now like to set up a few access lists, but need some help. I would like the following.
1. Log all SSH connections.
2. Deny SSH connections from the outside.
3. Permit/allow SSH connections from the inside.
Let me know.
Re-reading my post above in the light of a new (week) day I've found lots of mistakes in the first access-list - my apologies.
Please ignore the first access-list - it doesn't work. Here is an access-list that does work - I've tested it.
ip access-list extended VTY-LOCKDOWN
 permit tcp 10.0.0.0 0.255.255.255 any eq 22 log
 deny tcp any any eq 22 log
 permit ip any any
Most of the rest of the post is correct - except that bit about 10.0.0.0/8 being 10.0.0.0 0.0.0.255 which of course is wrong.
10.0.0.0/8 = 10.0.0.0 0.255.255.255
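The wildcard-mask correction above can be checked offline. The following Python sketch is an added example, not part of either post: it derives the wildcard from a prefix length and evaluates the VTY-LOCKDOWN entries first-match, as IOS does. It models only protocol, source address and destination port (the destination is "any" in every entry), and the source addresses are constructed samples.

```python
import ipaddress

def wildcard_from_prefix(prefix_len):
    """Return the IOS wildcard (inverse) mask for a CIDR prefix length."""
    host_bits = (1 << (32 - prefix_len)) - 1
    return str(ipaddress.IPv4Address(host_bits))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# The working ACL from the post; "any" is 0.0.0.0 255.255.255.255.
# Fields: action, protocol, source, source wildcard, dest port (None = any), log
VTY_LOCKDOWN = [
    ("permit", "tcp", "10.0.0.0", "0.255.255.255", 22, True),
    ("deny", "tcp", "0.0.0.0", "255.255.255.255", 22, True),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", None, False),
]

def evaluate(acl, proto, src, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, ace_proto, base, wildcard, ace_port, log in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        if wildcard_match(src, base, wildcard):
            return action, log
    return "deny", False

if __name__ == "__main__":
    print("/8 wildcard:", wildcard_from_prefix(8))
    # Constructed sources: two inside 10.0.0.0/8, one outside.
    for src in ("10.0.0.5", "10.20.30.40", "203.0.113.9"):
        action, log = evaluate(VTY_LOCKDOWN, "tcp", src, 22)
        print(f"ssh from {src}: {action}{' (logged)' if log else ''}")
    # The mistaken mask 0.0.0.255 only covers 10.0.0.0-10.0.0.255.
    print("10.20.30.40 matches 10.0.0.0 0.0.0.255:",
          wildcard_match("10.20.30.40", "10.0.0.0", "0.0.0.255"))
```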