04-26-2010 12:33 PM - edited 03-04-2019 08:17 AM
Hi all,
What is the recommended method to secure access to Internet zone devices (router/switch) with public IPs? SSH is enabled for access via the Internet and is configured as the transport for line vty, with an ACL of firm-owned public IPs; even then, the switch/router responds to telnet with a switch/router > prompt via the Internet.
Test-INTR1#
!
line vty 0 4
access-class 23 in --> Firm owned public IPs
exec-timeout 20 0
login local
transport input ssh
line vty 5 15
no login
!
interface Vlan30
ip address 20.20.20.1 255.255.255.248
!
Now from Internet (not from Firm IPs) with telnet test:
Test-INTR1>
What is the procedure, so that it will not give any prompt from outside/firm owned public IPs..?
TIA
MS
04-26-2010 02:51 PM
Disadvantage of publishing Network Devices to Internet
Hence, it's better to establish a Remote-VPN solution for accessing and managing remote devices through the Internet.
04-27-2010 12:41 PM
Hi MS,
Removing the unused vty lines should solve your problem.
no line vty 5 15
Regards,
Tim
04-27-2010 12:44 PM
Hi Tim,
I resolved the issue this morning and was about to update the post in a few. But thank you for your reply. I used 'transport input none' for vty 5 15. Your resolution is better though..;-).
Thanks
MS
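An added example, not part of any post in the thread: a short Python audit of a saved running-config that flags vty ranges still reachable the way `line vty 5 15` was here. The function names and sample text are constructed for illustration, and it assumes a line with no `transport input` statement accepts telnet, as the device in the thread did.

```python
import re

# Constructed sample: the thread's vty config, indented as in 'show running-config'.
SAMPLE_CONFIG = """\
line vty 0 4
 access-class 23 in
 exec-timeout 20 0
 login local
 transport input ssh
line vty 5 15
 no login
!
"""

def parse_vty_blocks(config):
    """Return [(first, last, [sub-commands])] for each 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            current = (int(m[1]), int(m[2] or m[1]), [])
            blocks.append(current)
        elif current is not None and raw[:1].isspace() and line:
            current[2].append(line)
        else:
            current = None  # an unindented line ends the block
    return blocks

def audit_vty(config):
    """Return {(first, last): [findings]} for vty ranges left reachable."""
    report = {}
    for first, last, cmds in parse_vty_blocks(config):
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transport and transport[-1] == ["none"]:
            continue  # line accepts no inbound sessions at all
        findings = []
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append("no inbound access-class")
        if "no login" in cmds:
            findings.append("no login (no authentication)")
        # Assumption: no 'transport input' statement means telnet is accepted.
        if not transport or {"telnet", "all"} & set(transport[-1]):
            findings.append("telnet accepted")
        if findings:
            report[(first, last)] = findings
    return report

if __name__ == "__main__":
    for (first, last), findings in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {first} {last}: " + "; ".join(findings))
```

Running it against the sample reports only `line vty 5 15`; adding `transport input none` to that range, or removing the range, clears the report.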