Internet zone device - Secure access

Answered Question
Apr 26th, 2010

Hi all,

What is the recommended method to secure access to Internet-zone devices (router/switch) with public IPs? SSH is enabled for access via the Internet and is configured as the transport for line vty, with an ACL of firm-owned public IPs; even then the switch/router responds to telnet from the Internet with the "switch/router >" prompt.

Test-INTR1#
!
line vty 0 4
 access-class 23 in   --> firm-owned public IPs
 exec-timeout 20 0
 login local
 transport input ssh
line vty 5 15
 no login
!
interface Vlan30
 ip address 20.20.20.1 255.255.255.248
!

Now from the Internet (not from firm IPs) with a telnet test:

Test-INTR1>

What is the procedure so that it will not give any prompt from outside the firm-owned public IPs?

TIA

MS

shailesh.h Mon, 04/26/2010 - 14:51

Disadvantages of publishing network devices to the Internet:

  1. Waste of IP addresses
  2. Exposing network devices to possible attacks, which may cause denial of service
  3. If your system (laptop/desktop) is compromised, it may share keystroke information with an attacker.

Hence, it's better to establish a remote VPN solution for accessing and managing remote devices through the Internet.

Correct Answer
zartar911 Tue, 04/27/2010 - 12:41

Hi MS,

Removing the unused vty lines should solve your problem.

no line vty 5 15

Regards,

Tim

mvsheik123 Tue, 04/27/2010 - 12:44

Hi Tim,

I resolved the issue this morning and was about to update the post in a few. But thank you for your reply. I used 'transport input none' for vty 5 15. Your resolution is better though ;-).

Thanks

MS
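The root cause in this thread is that only vty 0 4 carries the access-class, the SSH-only transport and a login method; vty 5 15 has none of those and 'no login', so a telnet session landing on that range gets an exec prompt without any authentication. The following audit script is an added example, not code from the original post or from Cisco: it parses the 'line vty' stanzas out of an IOS configuration text (a simplified parser; a stanza ends at '!', 'end', or the next 'line'/'interface' block) and reports any vty range that still accepts sessions without a source filter, without an SSH-only transport, or without login. It runs over constructed copies of the poster's configuration in its exposed form, with Tim's fix ('no line vty 5 15'), and with MS's fix ('transport input none').

```python
"""Audit Cisco IOS 'line vty' stanzas for the exposure discussed in this thread.

Added example, not code from the original post or from Cisco. The parser is
deliberately simplified: a stanza ends at '!', 'end', or the next 'line' or
'interface' block, which is enough for a 'show running-config' excerpt.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
ACCESS_CLASS_IN_RE = re.compile(r"^access-class \S+ in\b")


@dataclass
class VtyStanza:
    first: int
    last: int
    commands: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return f"line vty {self.first} {self.last}"


def parse_vty_stanzas(config: str) -> List[VtyStanza]:
    """Collect 'line vty' stanzas and their sub-commands from a config text."""
    stanzas: List[VtyStanza] = []
    current: Optional[VtyStanza] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!" or line == "end":
            current = None  # '!' separates configuration sections in IOS output
            continue
        m = VTY_RE.match(line)
        if m:
            last = int(m.group(2)) if m.group(2) else int(m.group(1))
            current = VtyStanza(int(m.group(1)), last)
            stanzas.append(current)
        elif line.startswith(("line ", "interface ")):
            current = None  # some other block, not a vty range
        elif current is not None:
            current.commands.append(line)
    return stanzas


def audit_vty(config: str) -> List[str]:
    """Return one finding per weakness on each vty stanza that still accepts sessions."""
    findings: List[str] = []
    for s in parse_vty_stanzas(config):
        transport = next((c for c in s.commands if c.startswith("transport input")), None)
        if transport == "transport input none":
            continue  # closed range: accepts no inbound sessions (the poster's own fix)
        if not any(ACCESS_CLASS_IN_RE.match(c) for c in s.commands):
            findings.append(f"{s.name}: no inbound access-class, reachable from any source")
        allowed = set(transport.split()[2:]) if transport else set()
        if allowed != {"ssh"}:
            findings.append(f"{s.name}: transport input is not restricted to ssh")
        if "no login" in s.commands:
            findings.append(f"{s.name}: 'no login' hands out an exec prompt without authentication")
    return findings


# Constructed sample mirroring the thread: vty 0-4 is filtered and SSH-only,
# vty 5-15 is an unused range with no filter, no transport restriction and
# 'no login', which is where the unauthenticated 'Test-INTR1>' prompt comes from.
EXPOSED_CONFIG = """\
!
line vty 0 4
 access-class 23 in
 exec-timeout 20 0
 login local
 transport input ssh
line vty 5 15
 no login
!
"""

# Accepted answer: 'no line vty 5 15' removes the stanza entirely (constructed).
FIXED_CONFIG_REMOVED = """\
!
line vty 0 4
 access-class 23 in
 exec-timeout 20 0
 login local
 transport input ssh
!
"""

# Poster's own fix: keep the range but refuse every inbound transport (constructed).
FIXED_CONFIG_NONE = EXPOSED_CONFIG.replace(" no login\n", " no login\n transport input none\n")

if __name__ == "__main__":
    for label, cfg in [("exposed", EXPOSED_CONFIG),
                       ("no line vty 5 15", FIXED_CONFIG_REMOVED),
                       ("transport input none", FIXED_CONFIG_NONE)]:
        print(f"[{label}]")
        for finding in audit_vty(cfg) or ["no vty weaknesses found"]:
            print("  " + finding)
```

On the exposed configuration the audit reports three findings, all against 'line vty 5 15'; both fixes from the thread reduce that to zero. Feeding it a real 'show running-config' capture is the quickest way to confirm that no other vty range was left in the same state.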
