
vty access to routers

I wanted to know if there is any plan on configuring vty access on an interface level? I was thinking of this scenario:

vty to the s0 interface from the Internet - allow only ssh input

vty to the fa0 interface from the LAN - allow telnet input

Thanks,

RJ


Re: vty access to routers

On a PIX, I'm pretty sure you can define rules that will allow SSH from the outside interface (Telnet is not allowed, last I've heard).

I believe that the more recent versions of IOS firewall will allow SSH (but not Telnet) from an external interface.

You should implement SSH from an external interface with a massive grain of salt: Cisco only supports SSH v1, which (while MUCH better than Telnet) is not considered truly secure. If you find yourself in a situation where you must open SSH access, do it on a temporary basis, for the duration of the necessity.

A much better solution (IMO) would be to set up a strong VPN to the inside network, then SSH from the inside.

As long as you have to do the setup for SSH, why not just scrap Telnet altogether?

Good Luck

Scott
