Post the running-config of the router, because it's difficult to identify the problem without that.
If you want to permit a particular IP, use the following configuration:
Router(config)#access-list 10 permit x.x.x.x
Router(config)#line vty 0 4
Router(line-config)#access-class 10 in
(only x.x.x.x will be permitted)
If you want to view any IP trying to connect to the router that does not have permission, use the following access-list:
access-list 10 permit x.x.x.x
access-list 10 deny any log
If you want to disable telnet, do the following:
Router(line-config)# transport input none
I hope that this will solve your problem; if not, post the running-configuration. You shouldn't deny telnet on interfaces, because it is possible that you apply an access-list on an interface but can still connect through another interface if you have IP connectivity.
Let me explain what I know about your situation with the Cisco 2522s: you deny Telnet traffic from your customers (except some specific IP addresses) through serial interfaces, but when you try to connect from the router itself (the same Cisco 2522) the telnet is allowed. If so
(even though the current configuration should have worked, I mean I didn't notice anything wrong), try this command:
Router(line-config)# transport output none
(beware that this command disables telnet for all outgoing connections from that router)
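The VTY settings suggested in the replies above (an inbound access-class, a logged deny entry, and transport input) can be checked offline against a saved running-config. The following Python check is an added example, not part of the thread; the sample config, the 192.0.2.10 address and the function names are constructed for illustration, and it handles numbered ACLs only.

```python
import re

# Constructed sample running-config (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 transport input all
"""

def parse(config):
    """Return (acls, vty): ACL number -> entries, and vty line range -> sub-commands."""
    acls, vty, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"access-list (\d+) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
        if line.startswith("line vty "):
            current = line[len("line vty "):].strip()
            vty[current] = []
        elif line.startswith(" ") and current is not None:
            vty[current].append(line.strip())  # indented line belongs to the open vty stanza
        else:
            current = None                     # any other top-level line closes the stanza
    return acls, vty

def audit(config):
    """Return a list of (vty range, finding) tuples for the checks discussed in the thread."""
    acls, vty = parse(config)
    findings = []
    for rng, cmds in vty.items():
        acl = next((c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append((rng, "no inbound access-class"))
        elif acl not in acls:
            findings.append((rng, f"access-class references undefined ACL {acl}"))
        elif not any(e.startswith("deny") and e.endswith("log") for e in acls[acl]):
            findings.append((rng, f"ACL {acl} does not log denied sources"))
        if any(c.startswith("transport input ") and {"telnet", "all"} & set(c.split()[2:]) for c in cmds):
            findings.append((rng, "Telnet accepted inbound"))
    return findings

if __name__ == "__main__":
    for rng, msg in audit(SAMPLE_CONFIG):
        print(f"line vty {rng}: {msg}")
```

Every vty range is audited separately because an access-class applied to `line vty 0 4` does not cover additional lines such as `5 15`.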
Thanks for the reply, I will try this command, but this can work for telnet only; the access-list will include many other protocols and it might not work :( ... If there is no problem in the configurations, what can I expect? Is it the IOS version or the router model?
Let me offer a couple of suggestions. If your customer requires you to have the ACL placed outbound, you can have an outbound and inbound ACL listed on the same interface. My personal approach to this would be to restructure the above ACL to be the following and apply it inbound on the ethernet interface that connects to the inside users:
Next, create another inbound access-list that will filter traffic from the internet and apply it inbound on the serial interfaces.
The problem with the above ACL is that it will not apply to packets as they enter the router but only as they leave. From a security standpoint, I prefer to have rules apply to traffic in all directions.