I have an end-router which is connected with a network which i don't control it. I want to secure the telnet access from that network to the rest of my network so i creat an extended ACL :
access-list 101 deny tcp any any eq telnet
access-list 101 permit tcp any any
access-list 101 permit ip any any.
I put the access list in the interface like that:
int s0/0
access-group 101 in
Did i do that right? Do i need to permit also ip and tcp . Is there a better way?
Thanks
moses