IOS firewall on 2811

Unanswered Question
Jun 11th, 2007


I have a 2811 router with advanced security IOS; two site-to-site VPNs are terminated on it. On the public interface I added an ACL which allows IPSec traffic and EIGRP - that's the routing protocol to the neighbor Border router. IPSec tunnels are working, but I can't reach the border router; however, the EIGRP process is up - the neighbor relation is up too. I also added inspection for SSH, SNMP (see attachment) but I can't reach the Border router from the internal LAN with SSH, SNMP, but I can ping.

10.x.x.201 is Loopback on Border

10.x.x.2 is a PC on LAN

If you have any idea please share with me.



a-vazquez Tue, 06/19/2007 - 03:21

Check that the access lists are created and applied on the outside interface. Check these access lists on both devices, and also check that the sources and destinations are properly given as per the scenario.

farkascsgy Tue, 06/19/2007 - 04:00

What do you mean to check? The problem is that the CBAC firewall drops the SSH connections, as you can see in the attached file.



