I have a Cisco 2610 with 12.0(8) that routes a Class C address space from an ISP. There's also a Cat 5000 on the external network. The internal networks are firewalled by SonicWall SOHO2 and SOHO3 and PIX 506 firewalls.
The company has been using telnet to access the 2610 from the Internet. There are no access lists on the router, and AA.
How important is it to use ACLs to filter traffic inbound on the external router interface? I was thinking of filtering the Class C, private IPs, and a number of protocols including ICMP.
I was considering using SSH to access the 2610 and the Cat 5000, but only from a host inside one of the firewalls. How secure is that solution?
Is it possible to use a PIX 506 or SonicWall as an SSH host instead of passing through the firewall?