06-11-2007 08:22 PM - edited 03-05-2019 04:38 PM
I have a 1721 set up as i guess a router on a stick. Anyway I cannot seem to block telnet on my wan interface. I use 5 IPs on my wan side of my router(from a cable modem) and I can only telnet to the Ip that i set as the interface ip. However, when I try to apply an accesslist it still gets thru. The top line on my acces-list 101 is access-list 101 deny tcp any any eq telnet. Accesslist 101 is is applied inbound in the interface. What else do I need to do to get this to block telnet on that interface
Solved! Go to Solution.
06-11-2007 10:40 PM
Right.
Can you confirm that you applied the ACl on the LIne VTY 0 15
access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any
access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any
access-list 199 deny ip any any log
line vty 0 4
access-class 199 in
exec-timeout 60 0
06-11-2007 08:28 PM
Hi Ryan
Can you post the config which you have done over there in your router ?
regds
06-11-2007 09:51 PM
do you deny telnet from outside ?if yes
bellow the configuation
conf t
line vty 0 15
transport input none
-------------
if no
past the config for router
06-11-2007 10:40 PM
Right.
Can you confirm that you applied the ACl on the LIne VTY 0 15
access-list 199 permit tcp xx.yy.zz.0 0.0.0.255 any
access-list 199 permit tcp aa.bb.cc.0 0.0.0.127 any
access-list 199 deny ip any any log
line vty 0 4
access-class 199 in
exec-timeout 60 0
06-12-2007 09:24 AM
I applied the access to the outside interface, which is ethernet0
06-12-2007 09:35 AM
I was wrong. It is only allowing telnet to the outside interface ip from inside.
06-12-2007 08:49 PM
Is the issue fixe now ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: