I want to know if anyone has succesfully done the 1st example above on a Cisco? We do it all day long on Alcatel and Westell equipment but the Cisco I have deployed is remote and I don't want to lose access if it does not work.
Q2) The 1710 is configured in EzVPN Network Extension Mode. Works well. Problem is access-lists don't seem to work correctly here. I need to allow ssh access from the Net and deny telnet. I can deny the telnet (see below) but I also want users on the LAN to be able to telnet into the unit. How would YOU enable this?
1. Should work fine, the router will just whatever you specify as the username. We have to do a similar thig in Australia with the phone company there sending the @bigpond.net after the username, works fine on the routers.
2. You can't enable telnet for some users if you've set up the vty's to only accept SSH. You're better off allowing the VTY's to accept SSH and Telnet, then defining an access-list on the outside router interface that denies Telnet from the Net and then allows all other traffic. Then your LAN users can use SSH or Telnet from the inside, Net users can only use SSH, and all other traffic is allowed in also (assuming you want that, that is). Something like:
> int serial0
> description Connection to Internet
> ip address y.y.y.y 255.255.255.0
> ip access-group 101 in
> access-list 101 deny tcp any host y.y.y.y eq telnet
> access-list 101 permit ip any any
Your LAN users will telnet to the inside interface so that'll still work fine. You could specifically allow telnet from your LAN subnet to the outside interface if you like also.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...