Would you please explain to me why the following ACLs do not work. I purchased a block of 8 IP addresses from my ISP (ADSL connection). I have received the following from the ISP: IPs 22.214.171.124/29, all traffic is routed to IP address 126.96.36.199
Setup (Cisco 1712):
Wan interface (Dialer): 188.8.131.52/31
Vlan 1(Local Network): 192.168.1.1/24
Vlan 2(Public IP address): 184.108.40.206/30 - 220.127.116.11 goes to Web/mail server
I am trying to limit SSH access to only the IP addresses 18.104.22.168 and 22.214.171.124, with no success. I can only achieve SSH access if I have the statement access-list 101 permit tcp any any eq 22 log in the ACL. If I try with:
access-list 101 permit tcp any host 126.96.36.199 eq 22 log and access-list 101 permit tcp any host 188.8.131.52 eq 22 log, all SSH connections are disconnected.
I assume from your statement that addresses 184.108.40.206 and 220.127.116.11 are the destinations that SSH should connect to (which would allow SSH to the router dialer address and to the server). When you say that SSH sessions are disconnected if you use the specific access list entries, where were the SSH connections connected to when you tried this (what address was specified in the SSH command to make the connection)?
A good approach to troubleshooting ACL problems is to use the log parameter on the deny statements - which your access list does do. So you should be able to look in the log from the router, find the packets that were denied, and get some indicator of what did not match (what address were they using as destination)?