trouble blocking telnet on wan side

Answered Question
Jun 11th, 2007

I have a 1721 set up as i guess a router on a stick. Anyway I cannot seem to block telnet on my wan interface. I use 5 IPs on my wan side of my router(from a cable modem) and I can only telnet to the Ip that i set as the interface ip. However, when I try to apply an accesslist it still gets thru. The top line on my acces-list 101 is access-list 101 deny tcp any any eq telnet. Accesslist 101 is is applied inbound in the interface. What else do I need to do to get this to block telnet on that interface

Correct Answer by anandramapathy about 9 years 8 months ago

Right.

Can you confirm that you applied the ACl on the LIne VTY 0 15

access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any

access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any

access-list 199 deny ip any any log

line vty 0 4

access-class 199 in

exec-timeout 60 0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
spremkumar Mon, 06/11/2007 - 20:28

Hi Ryan

Can you post the config which you have done over there in your router ?

regds

mtechnology Mon, 06/11/2007 - 21:51

do you deny telnet from outside ?if yes

bellow the configuation

conf t

line vty 0 15

transport input none

-------------

if no

past the config for router

Correct Answer
anandramapathy Mon, 06/11/2007 - 22:40

Right.

Can you confirm that you applied the ACl on the LIne VTY 0 15

access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any

access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any

access-list 199 deny ip any any log

line vty 0 4

access-class 199 in

exec-timeout 60 0

ryancolson Tue, 06/12/2007 - 09:24

I applied the access to the outside interface, which is ethernet0

ryancolson Tue, 06/12/2007 - 09:35

I was wrong. It is only allowing telnet to the outside interface ip from inside.

Actions

This Discussion