Accessing Router from WAN-Side (Internet)

Unanswered Question
Nov 7th, 2007
Hi !

I have a little issue with my C871 box. I would like to access the router's management console through ssh & https (SDM) from the Internet. At the moment this does not work. I am able to ping the device but I am not able to access the box through ssh or https although I opened the FW on the Box.

Maybe somebody can check my attached config?

Thanx....Andy



Richard Burts Wed, 11/07/2007 - 13:58
Andy


The cause of your problems can be found in the config that you posted. As for the access via HTTPS look at these lines:

ip http access-class 2

ip http authentication local

ip http secure-server

This says that access via HTTPS must be permitted by access list 2 which permits only the addresses of VLAN 1 to access it and denies any other access:

access-list 2 remark HTTP Access-class list

access-list 2 remark SDM_ACL Category=1

access-list 2 permit 192.168.0.0 0.0.0.255

access-list 2 deny any


The SSH issue is in the config of the vty lines. You do have them configured so that they accept SSH but not telnet. But you have put an access restriction on the vty lines with this:

line vty 0 4

access-class 23 in

which says that any SSH access must be permitted by access list 23. But there is no access list 23.


So to permit HTTPS you would need to add your source address to access list 2. And to permit SSH you must create access list 23 and it must permit your source address.


HTH


Rick
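
An added example, not part of Rick's reply or the poster's config: a small Python audit that parses numbered standard ACLs and reports, for one management source address, how each `access-class` reference would treat it. The sample config holds only lines quoted in the reply above; 203.0.113.10 (used in the check) is a constructed stand-in for the remote admin address, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: only config lines quoted in the answer above.
SAMPLE_CONFIG = """\
ip http access-class 2
access-list 2 remark HTTP Access-class list
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
line vty 0 4
 access-class 23 in
"""

ACE = re.compile(r"access-list (\d+) (permit|deny) (?:host )?(\S+)(?: ([\d.]+))?")
REF = re.compile(r"(?:ip http )?access-class (\d+)")

def to_network(addr, wildcard):
    """Convert a standard-ACL address and wildcard mask to an ip_network."""
    if addr == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    wc = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))  # no mask = one host
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - wc.bit_length()))

def parse_acls(config):
    """Return {acl_number: [(action, network), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:  # remark lines and unrelated commands do not match
            num, action, addr, wildcard = m.groups()
            acls.setdefault(num, []).append((action, to_network(addr, wildcard)))
    return acls

def audit(config, source):
    """Judge every access-class reference in config for one source address."""
    acls, src = parse_acls(config), ipaddress.ip_address(source)
    findings = []
    for line in config.splitlines():
        m = REF.match(line.strip())
        if m:
            entries = acls.get(m.group(1))
            # first matching entry wins; no match falls to the implicit deny
            verdict = ("undefined ACL" if entries is None else
                       next((a for a, net in entries if src in net), "deny"))
            findings.append((line.strip(), verdict))
    return findings
```

Calling `audit(SAMPLE_CONFIG, "203.0.113.10")` flags both points raised in the reply: the HTTPS reference resolves to a deny for that address, and the vty reference points at a list that is not defined.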
