Disable telnet access to UC500 WAN

Unanswered Question
Steven DiStefano Wed, 06/24/2009 - 07:42

The FastE 0/0 WAN interface has an ACL put there by CCA, usually 104.


While it allows VPN connections (if you set up the VPN Server on the UC500 - also using CCA), it blocks TELNET and SSH by not explicitly permitting those ports 23 and 22, so they fall to the deny any any (last ACL statement).


So maybe nothing to do if using CCA.  If not using CCA, build one, but build it as ACL 150 or higher so if you ever do connect CCA, it will respect it.

David Harper (Cisco Employee) Wed, 06/24/2009 - 15:52

If you are using CCA, the presence or absence of pinholes in the firewall for telnet/ssh is controlled by the Configure > Device Properties > Device Access screen.  As Steve says, these default to no access.


Cheers,

Dave.
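
An added example, not part of the thread and not CCA's or Cisco's own code: a small Python check of the first-match and final-deny behavior described in the posts above, reporting whether a WAN ACL lets TCP 22 or 23 through. The ACL text is constructed (ACL 150, documentation addresses), and only `any`, `host`, wildcard addresses and `eq` ports are handled.

```python
import ipaddress

# Named ports IOS accepts after "eq" (only the subset used here).
PORT_NAMES = {"telnet": 23, "isakmp": 500, "non500-isakmp": 4500}

# Constructed sample WAN ACL (not CCA's real output): VPN only, explicit final deny.
SAMPLE_ACL = """\
access-list 150 permit udp any any eq isakmp
access-list 150 permit udp any any eq non500-isakmp
access-list 150 permit esp any any
access-list 150 deny ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr_matcher(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from tok; return a match function."""
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    if first == "host":
        first, wild = tok.pop(0), 0
    else:
        wild = _ip(tok.pop(0))
    base = _ip(first) | wild          # wildcard bits are "don't care"
    return lambda ip: (ip | wild) == base

def evaluate(acl_text, acl_id, proto, src, dst, dport):
    """First-match evaluation of one packet; returns (action, matching line)."""
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["access-list", str(acl_id)] \
                or tok[2] not in ("permit", "deny"):
            continue                  # other ACLs, remarks, blank lines
        action, rule_proto, rest = tok[2], tok[3], tok[4:]
        src_ok, dst_ok = _addr_matcher(rest), _addr_matcher(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        elif rest:
            raise ValueError("unsupported ACL syntax: " + line)
        if (rule_proto in ("ip", proto) and src_ok(_ip(src))
                and dst_ok(_ip(dst)) and port in (None, dport)):
            return action, line
    return "deny", "implicit deny"    # nothing matched: the packet is dropped

def exposed_mgmt_ports(acl_text, acl_id, src="198.51.100.7", dst="203.0.113.1"):
    """Return which of SSH (22) / Telnet (23) the ACL permits for this packet."""
    return [p for p in (22, 23)
            if evaluate(acl_text, acl_id, "tcp", src, dst, p)[0] == "permit"]
```

Because evaluation stops at the first match, a permit line placed after `deny ip any any` never takes effect, so the order of entries matters as much as their presence.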
