Cisco 2651XM router
I'm having difficulty trying to create an access-list that will restrict SSH traffic 'through' the router. I have port 22 forwarded from the wic-adsl card to the IP of a server on the LAN. I'd like to lock this down so that only specified IPs can get through to the server on port 22 and all other source IPs are blocked. Is this possible? I've searched on Google but can only find examples that deny IPs or globally deny or permit port traffic.
Can you post your configuration? You need to enable ACLs on interfaces depending on the traffic flow. So you have an ADSL uplink and then a LAN interface? And you have forwarded port 22 to the LAN? Is the SSH coming over the WAN? You can apply the ACL either inbound on the WAN port or outbound on the LAN port. Something like:
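! ALLOWED_HOSTS, LAN_NETWORK and WAN_INTERFACE are placeholders
ip access-list extended DENY_SSH
 permit tcp ALLOWED_HOSTS LAN_NETWORK eq 22
 deny tcp any any eq 22
 permit ip any any
!
! ip access-group is an interface-level command
interface WAN_INTERFACE
 ip access-group DENY_SSH in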
You can get more granular with the ACL of course. If you give me the networks I could help you create the full ACL.