Cisco Support Community

Server access from untrusted interface

I need a little help giving telnet access to one of our servers, 10.10.10.3, to several of our partners. They have PPP to our network and they only need access to this server. Below is a copy of my config; any help would be greatly appreciated.

Thanks

Dean

access-list partner permit ip host 10.10.10.3 10.10.80.0 255.255.255.0

access-list partner permit ip host 10.10.10.3 10.10.81.0 255.255.255.0

access-list partner permit ip host 10.10.10.3 10.10.89.0 255.255.255.0

access-list partner permit ip host 10.10.10.3 10.10.90.0 255.255.255.0

ip address outside 192.168.252.5 255.255.255.252

ip address inside 10.10.10.241 255.255.255.0

static (inside,outside) 10.10.10.3 10.10.10.3 netmask 255.255.255.255 0 0

access-group partner in interface outside

conduit permit icmp any any

route outside 0.0.0.0 0.0.0.0 192.168.252.9 1

1 REPLY

Re: Server access from untrusted interface

Hi Dean,

Try to change your ACL. The command reference for ACLs is: access-list name permit/deny protocol source-address destination-address.

As I understand your config, you use your ACL on the outside interface inbound, which means your partner networks are the source IP and your server is the destination IP.

So if your ACL looks like

access-list partner permit ip 10.10.80.0 255.255.255.0 host 10.10.10.3

access-list partner permit ip 10.10.81.0 255.255.255.0 host 10.10.10.3

access-list partner permit ip 10.10.89.0 255.255.255.0 host 10.10.10.3

access-list partner permit ip 10.10.90.0 255.255.255.0 host 10.10.10.3

it should work.

A little hint: it is not recommended by Cisco to use ACLs and conduits in the same config.

Hope this helps

Kind regards

Norbert
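
Added example, not part of either post and not Cisco tooling: a Python check over the config lines quoted in this thread that reports ACL entries whose source and destination are swapped relative to an inbound access-group, and entries wider than the telnet-only access asked for in the question. The names audit, take_addr and build, and the TELNET_ONLY variant (permit tcp ... eq telnet), are assumptions made for illustration.

```python
import ipaddress

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")

def audit(config, iface="outside"):
    """Return (acl_line, finding) pairs for ACLs applied inbound on iface."""
    published, bound, aces = [], set(), []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["static"] and len(t) >= 4:
            published.append(ipaddress.ip_address(t[2]))  # address peers connect to
        elif t[:1] == ["access-group"] and t[2:5] == ["in", "interface", iface]:
            bound.add(t[1])
        elif t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            rest = t[4:]  # source-port operators are not handled in this sketch
            src, dst = take_addr(rest), take_addr(rest)
            aces.append((line.strip(), t[1], t[3], src, dst, rest))
    findings = []
    for line, _, proto, src, dst, ports in [a for a in aces if a[1] in bound]:
        if not any(p in dst for p in published):
            swapped = any(p in src for p in published)
            findings.append((line, "source and destination reversed" if swapped
                             else "destination is not a published server"))
        elif proto != "tcp" or ports not in (["eq", "telnet"], ["eq", "23"]):
            findings.append((line, "permits more than telnet"))
    return findings

# Sample configs built from the lines quoted in the thread.
NETS = ["10.10.80.0", "10.10.81.0", "10.10.89.0", "10.10.90.0"]
BASE = ("static (inside,outside) 10.10.10.3 10.10.10.3 netmask 255.255.255.255 0 0\n"
        "access-group partner in interface outside\n")
def build(ace):
    return BASE + "\n".join(ace.format(net=n) for n in NETS)

ORIGINAL = build("access-list partner permit ip host 10.10.10.3 {net} 255.255.255.0")
SUGGESTED = build("access-list partner permit ip {net} 255.255.255.0 host 10.10.10.3")
# Assumed tighter variant (not from the thread): TCP to the telnet port only.
TELNET_ONLY = build("access-list partner permit tcp {net} 255.255.255.0 host 10.10.10.3 eq telnet")

if __name__ == "__main__":
    for cfg in (ORIGINAL, SUGGESTED, TELNET_ONLY):
        print(len(audit(cfg)), "finding(s)")
```

The original ACL yields four reversed-direction findings, the suggested ACL four wider-than-telnet findings, and the assumed telnet-only variant none.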
