How to deny access to router from public networks

Answered Question
Sep 9th, 2010

Hello experts!


I have a Cisco router set up to allow telnet and ssh login via these lines:


line vty 0 4
privilege level 15
login local
transport input telnet ssh


Is there an easy way to deny this access from any public or outside network?

I want to be able to login only from our internal LANs (192.168.0.x and 192.168.1.x).


Thanks in advance for your help!


Kind regards, Matthias


Overall Rating: 5 (2 ratings)
Correct Answer
Jennifer Halim Thu, 09/09/2010 - 01:11
Cisco Employee

Sure, just create an ACL to allow the private subnets as follows:


access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255

line vty 0 4
access-class 5 in


Hope that helps.

MatthiasGTW Thu, 09/09/2010 - 01:26

Hello halijenn,


That worked very well, thanks. Is it also possible to apply this access-list to the internal web server of the router?

It is set up as:


ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000


But these commands are outside of any "line" or "interface" -- how can I apply an access-list anyway?


Thanks again!

Correct Answer
Jennifer Halim Thu, 09/09/2010 - 01:42
Cisco Employee

Yes, sure.


The command is:

ip http access-class 5
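
The two answers above describe the same control applied in two places: a numbered standard ACL restricted to the internal subnets, attached inbound on the vty lines (`access-class 5 in`) and on the HTTP server (`ip http access-class 5`). As an added example (not code from the thread or from Cisco), the Python script below parses a constructed IOS config snippet built from those commands, evaluates ACL 5 the way IOS does (first matching entry wins, implicit deny at the end), and audits whether every `line vty` block and the HTTP server actually reference an ACL that permits only the internal subnets. The sample config is constructed for the example and deliberately leaves `line vty 5 15` unprotected so the audit has a finding to report; `subnet_of` requires Python 3.7 or later.

```python
"""Offline checker for the management-access restriction discussed in the thread.

Added example, not from the original post or from Cisco: parses an IOS config
snippet, evaluates a numbered standard ACL with IOS semantics, and reports
vty lines or an HTTP server that are not restricted to the internal subnets.
"""
import ipaddress
import re

# Constructed sample config modelled on the thread (not a real device dump).
# 'line vty 5 15' is left without an access-class on purpose.
SAMPLE_CONFIG = """\
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
!
ip http server
ip http secure-server
ip http access-class 5
!
line vty 0 4
 privilege level 15
 login local
 access-class 5 in
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

INTERNAL = [ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_network("192.168.1.0/24")]
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$")


def parse_standard_acls(config):
    """Return {number: [(action, base_int, wildcard_int), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        num, action, addr, arg = m.groups()
        if addr == "any":
            base, wildcard = 0, 0xFFFFFFFF
        elif addr == "host":                      # 'permit host A.B.C.D'
            base, wildcard = int(ipaddress.IPv4Address(arg)), 0
        else:                                     # 'permit A.B.C.D [wildcard]'
            base = int(ipaddress.IPv4Address(addr))
            wildcard = int(ipaddress.IPv4Address(arg)) if arg else 0
        acls.setdefault(int(num), []).append((action, base, wildcard))
    return acls


def evaluate(entries, source_ip):
    """IOS semantics: the first matching entry decides; no match means deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, base, wildcard in entries:
        mask = ~wildcard & 0xFFFFFFFF             # wildcard bits are "don't care"
        if (src & mask) == (base & mask):
            return action == "permit"
    return False


def vty_access_classes(config):
    """Map each 'line vty X Y' block to its inbound access-class, or None if absent."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line[len("line "):].strip()
            result[current] = None
        elif current is not None and line.startswith(" "):
            m = re.match(r"\s+access-class (\d+) in\s*$", line)
            if m:
                result[current] = int(m.group(1))
        else:
            current = None                        # any unindented line ends the block
    return result


def http_access_class(config):
    """ACL number from 'ip http access-class', or None if the HTTP server is open."""
    m = re.search(r"^ip http access-class (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None


def audit(config, internal=INTERNAL):
    """Return a list of findings; an empty list means access is restricted as intended."""
    findings, acls = [], parse_standard_acls(config)
    targets = {f"line {k}": v for k, v in vty_access_classes(config).items()}
    if re.search(r"^ip http (secure-)?server\s*$", config, re.M):
        targets["ip http server"] = http_access_class(config)
    for name, acl in targets.items():
        if acl is None:
            findings.append(f"{name}: no access-class applied")
        elif acl not in acls:
            findings.append(f"{name}: access-class {acl} references an undefined ACL")
        else:
            for action, base, wildcard in acls[acl]:
                if action != "permit":
                    continue
                net = None                        # a contiguous wildcard maps to one prefix
                if (wildcard & (wildcard + 1)) == 0:
                    net = ipaddress.ip_network((base & ~wildcard & 0xFFFFFFFF, 32 - wildcard.bit_length()))
                if net is None or not any(net.subnet_of(i) for i in internal):
                    findings.append(f"{name}: ACL {acl} permits {net or 'a non-contiguous range'} outside the internal subnets")
    return findings


if __name__ == "__main__":
    acl5 = parse_standard_acls(SAMPLE_CONFIG)[5]
    for source in ("192.168.1.77", "203.0.113.10"):
        print(source, "->", "permit" if evaluate(acl5, source) else "deny")
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Running it against the sample prints a permit for 192.168.1.77, a deny for 203.0.113.10 (no entry matches, so the implicit deny applies), and one finding for `line vty 5 15`. The audit is the practical check behind the thread's advice: an access-class only protects the vty blocks it is applied to, so a router with `line vty 5 15` configured needs the same `access-class 5 in` there, and a permit entry wider than the internal subnets (for example `permit any`) silently defeats the restriction.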
