I am try to set up Lock and Key ACLs on dialer interfaces on a 2610. I want it for outbound traffic. Everything looks ok. However, when I telnet to the dialer interfaces IP and log in I get a message saying:
No input access group defined for Ethernet0/0.
What little information I can find on Lock and Key indicates you can put the ACL on any interface in or out. I am missing something here? Here is the part of my configuration that addresses the Key and Lock ACL.
Current configuration : 29521 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
username testuser password testpass
ip address 192.168.1.3 255.255.255.248
ip nat inside
no cdp enable
no ip address
dialer pool-member 1
async mode dedicated
ppp authentication chap
group-range 33 40
ip address 172.20.11.10 255.255.255.240
ip access-group 102 out
ip nat outside
dialer pool 1
dialer remote-name remotesite
dialer idle-timeout 45000
dialer string 628
no cdp enable
access-list 102 remark Testing Dynamic ACL
access-list 102 dynamic testacl timeout 120 permit ip any any log
access-list 102 permit tcp any host 172.20.11.10 eq telnet
Re: Lock and Key ACL outbound on Dialer interfaces
You can define the ACL on any interface, but it has to be the inbound interface (the interface the traffic is coming in on). If what you're trying to do here is allow the users on e0/0 out after they've authenticated, then apply the ACL inbound on e0/0.
Also, I'd change your autocommand to the following:
> autocommand access-enable host timeout 5
Putting the "host" keyword means that when the dynamic ACL is applied, only the source host will be allowed, otherwise when one person authenticates everyone is allowed out.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :