I am having a problem with an ACL blocking SSH from the outside interface. I do not want users to SSH to my router from the outside at all. Here is my ACL and the way it is applied to the interface that faces the internet.

ip access-list extended OUTSIDE_IN
 permit udp any any eq isakmp
 permit esp any any
 permit gre any any
 deny ip any any log

 ip address x.x.x.x 255.255.255.x
 ip access-group OUTSIDE_IN in
 ip nat outside
 ip inspect FW_OUT out

I have an explicit deny all and it still allows SSH sessions from the outside. This seems to be so simple and I have done this on a test router and it works, just not on my production router. Any ideas?
Attached is the entire config.