trouble blocking telnet on wan side

Answered Question
Jun 11th, 2007
User Badges:

I have a 1721 set up as i guess a router on a stick. Anyway I cannot seem to block telnet on my wan interface. I use 5 IPs on my wan side of my router(from a cable modem) and I can only telnet to the Ip that i set as the interface ip. However, when I try to apply an accesslist it still gets thru. The top line on my acces-list 101 is access-list 101 deny tcp any any eq telnet. Accesslist 101 is is applied inbound in the interface. What else do I need to do to get this to block telnet on that interface

Correct Answer by anandramapathy about 10 years 1 month ago

Right.


Can you confirm that you applied the ACl on the LIne VTY 0 15


access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any

access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any

access-list 199 deny ip any any log



line vty 0 4

access-class 199 in

exec-timeout 60 0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
spremkumar Mon, 06/11/2007 - 20:28
User Badges:
  • Red, 2250 points or more

Hi Ryan


Can you post the config which you have done over there in your router ?


regds


mtechnology Mon, 06/11/2007 - 21:51
User Badges:

do you deny telnet from outside ?if yes

bellow the configuation


conf t


line vty 0 15


transport input none

-------------

if no


past the config for router


Correct Answer
anandramapathy Mon, 06/11/2007 - 22:40
User Badges:
  • Bronze, 100 points or more

Right.


Can you confirm that you applied the ACl on the LIne VTY 0 15


access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any

access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any

access-list 199 deny ip any any log



line vty 0 4

access-class 199 in

exec-timeout 60 0

ryancolson Tue, 06/12/2007 - 09:24
User Badges:

I applied the access to the outside interface, which is ethernet0


ryancolson Tue, 06/12/2007 - 09:35
User Badges:

I was wrong. It is only allowing telnet to the outside interface ip from inside.

Actions

This Discussion