How to limit remote management access to 2800 router?

Answered Question
Jan 23rd, 2009

What are the configs to only allow specific hosts to remotely manage the router using a) HTTPS and b) SSH?

Thanks.

Correct Answer
Mark Yeates Fri, 01/23/2009 - 17:13

Said,

You can apply access lists to the appropriate lines.

For HTTPS

access-list 1 remark permit HTTPS Management
access-list 1 permit 192.168.1.50
access-list 1 permit 192.168.1.99
access-list 1 permit 192.168.1.250
access-list 1 deny any
! enable the HTTPS server, then bind ACL 1 to the HTTP/HTTPS server
ip http secure-server
ip http access-class 1

For SSH

access-list 2 remark permit SSH Management
access-list 2 permit 192.168.1.100
access-list 2 permit 192.168.1.101
access-list 2 permit 192.168.1.105
access-list 2 deny any
! apply ACL 2 inbound on every vty line and accept SSH only
line vty 0 15
 access-class 2 in
 transport input ssh

Just replace the example IP addresses with the ones you wish to permit.

HTH,

Mark
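
An added example, not part of the post above and not Cisco tooling: a small Python check that reads a candidate IOS config and reports where the restrictions described in the answer are missing (a vty block with no inbound access-class, an access-class pointing at an ACL with no permit/deny entries, a transport other than SSH, or HTTPS enabled with no `ip http access-class`). The function name `audit` is hypothetical, the sample config is constructed, and only numbered ACLs are assumed.

```python
import re

# Constructed sample config (not from a real device); addresses follow the thread's examples.
SAMPLE = """\
access-list 1 permit 192.168.1.50
access-list 1 deny any
access-list 2 permit 192.168.1.100
ip http secure-server
ip http access-class 1
line vty 0 4
 access-class 2 in
 transport input ssh
line vty 5 15
 access-class 3 in
 transport input telnet ssh
"""

def audit(config):
    """Return a list of findings about SSH/HTTPS management restrictions."""
    acls, http_acl, https_on, vty, cur = set(), None, False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level command ends any line block
            cur = line if line.startswith("line vty") else None
            if cur:
                vty[cur] = {"acl": None, "transport": None}
        if m := re.match(r"access-list (\d+) (permit|deny)\b", line):
            acls.add(m.group(1))             # ACL has at least one real entry
        elif m := re.match(r"ip http access-class (\d+)$", line):
            http_acl = m.group(1)
        elif line == "ip http secure-server":
            https_on = True
        elif cur and (m := re.match(r"access-class (\d+) in$", line)):
            vty[cur]["acl"] = m.group(1)
        elif cur and line.startswith("transport input "):
            vty[cur]["transport"] = line.split()[2:]
    findings = []
    if https_on and http_acl is None:
        findings.append("https: no 'ip http access-class' applied")
    elif http_acl is not None and http_acl not in acls:
        findings.append(f"https: access-class {http_acl} has no permit/deny entries")
    for name, s in vty.items():
        if s["acl"] is None:
            findings.append(f"{name}: no inbound access-class")
        elif s["acl"] not in acls:
            findings.append(f"{name}: access-class {s['acl']} has no permit/deny entries")
        if s["transport"] != ["ssh"]:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings
```

Lines such as `access class 2 in` (no hyphen) or an ACL entry without `permit`/`deny` are not recognised, so the affected vty block is reported as unrestricted.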

saidfrh Fri, 01/23/2009 - 17:27

Mark,

Thank you. Do you know the config for an ASA firewall to allow HTTPS and SSH management access to the firewall by specific IPs?

Mark Yeates Fri, 01/23/2009 - 17:45

For the ASA, the syntax is quite a bit different. Here are examples for configuring SSH and ASDM access.

SSH:

ssh 10.10.1.0 255.255.255.0 inside
ssh 10.10.2.55 255.255.255.255 inside
ssh 1.2.3.4 255.255.255.255 outside

ASDM:

http 10.10.1.0 255.255.255.0 inside
http 10.10.2.55 255.255.255.255 inside
http 1.2.3.4 255.255.255.255 outside

management-access inside

and for outside management

management-access outside

Note: Don't forget to permit outside management in your ACLs.

HTH,

Mark
