How to limit remote management access to 2800 router?

Answered Question
Jan 23rd, 2009

What are the configs to only allow specific hosts to remotely manage the router using a) HTTPS and b) SSH?

Thanks.

Correct Answer
Mark Yeates Fri, 01/23/2009 - 17:13

Said,

You can apply access lists to the appropriate lines.

For HTTPS

access-list 1 remark permit HTTPS Management
access-list 1 permit 192.168.1.50
access-list 1 permit 192.168.1.99
access-list 1 permit 192.168.1.250
access-list 1 deny any
!
! enable the HTTPS server and restrict it to ACL 1
ip http secure-server
ip http access-class 1

For SSH

access-list 2 remark permit SSH Management
access-list 2 permit 192.168.1.100
access-list 2 permit 192.168.1.101
access-list 2 permit 192.168.1.105
access-list 2 deny any
!
! apply ACL 2 inbound on every vty line and accept SSH only
line vty 0 15
 access-class 2 in
 transport input ssh

Just replace the example IP addresses with the ones you wish to permit.

HTH,

Mark
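A check for the router lockdown described in the answer above, added here as an example and not part of Mark's post: a Python audit of a saved or draft IOS config that flags an HTTP/HTTPS server or vty range left without a defined access-class, vty lines not limited to SSH, and ACL entries missing permit/deny, and that evaluates a standard ACL by first match with the implicit deny. The function names and the sample config are constructed; it assumes numbered standard ACLs (1-99) and the `ip http access-class <n>` form.

```python
import ipaddress, re
# Constructed sample (not from the thread): HTTPS unrestricted, vty 5-15 forgotten.
SAMPLE = """\
access-list 2 permit 192.168.1.100
access-list 2 192.168.1.101
ip http secure-server
line vty 0 4
 access-class 2 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""
ACE = re.compile(r"access-list (\d+) (permit|deny) (?:host )?(any|[\d.]+)(?: ([\d.]+))?(?: log)?$")

def audit(config):
    """Parse an IOS config; return (standard ACLs, list of management-plane findings)."""
    acls, findings, http_on, http_acl, vty, cur = {}, [], False, None, {}, None
    for raw in config.splitlines():
        # Indented lines belong to the current 'line vty' block; anything else ends it.
        line, cur = raw.strip(), (cur if raw.startswith(" ") else None)
        if m := ACE.match(line):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4] or "0.0.0.0"))
        elif re.match(r"access-list \d{1,2} (?!remark)", line):
            findings.append(f"malformed ACL entry: {line}")
        elif m := re.match(r"ip http (?:(?:secure-)?server|access-class (\d+))$", line):
            http_on, http_acl = http_on or m[1] is None, m[1] or http_acl
        elif line.startswith("line vty "):
            cur = vty.setdefault(line[9:], {"acl": None, "transport": None})
        elif cur is not None and (m := re.match(r"access-class (\d+) in$", line)):
            cur["acl"] = m[1]
        elif cur is not None and line.startswith("transport input "):
            cur["transport"] = line[16:]
    if http_on and http_acl not in acls:
        findings.append("HTTP/HTTPS server enabled without a defined access-class")
    for rng, s in vty.items():
        if s["acl"] not in acls:
            findings.append(f"vty {rng}: no defined inbound access-class")
        if s["transport"] != "ssh":
            findings.append(f"vty {rng}: transport input is not ssh-only")
    return acls, findings

def permits(aces, ip):
    """Evaluate a standard ACL as IOS does: first match wins, no match is a deny."""
    to_int = lambda a: int(ipaddress.ip_address(a))
    for action, addr, wild in aces:
        care = ~to_int(wild) & 0xFFFFFFFF   # wildcard bits set to 1 are ignored
        if addr == "any" or to_int(ip) & care == to_int(addr) & care:
            return action == "permit"
    return False
```

Calling `audit()` on the text of a saved config returns the parsed ACLs and the findings; `permits(acls["2"], "192.168.1.100")` then confirms whether a given management host would get through.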

saidfrh Fri, 01/23/2009 - 17:27

Mark,


Thank you. Do you know the config for an ASA firewall to allow HTTPS and SSH management access to the firewall by specific IPs?

Mark Yeates Fri, 01/23/2009 - 17:45

For the ASA, the syntax is quite a bit different. Here are examples for configuring SSH and ASDM access.

SSH:

ssh 10.10.1.0 255.255.255.0 inside
ssh 10.10.2.55 255.255.255.255 inside
ssh 1.2.3.4 255.255.255.255 outside

ASDM:

http 10.10.1.0 255.255.255.0 inside
http 10.10.2.55 255.255.255.255 inside
http 1.2.3.4 255.255.255.255 outside

management-access inside

and for outside management

management-access outside

Note: Don't forget to permit outside management in your ACLs.

HTH,

Mark

