If you are trying to CONNECT to a router using SSH or Telnet, you want to use the "transport input" command to indicate what protocols may be used to connect to the router. Example:
line vty 0 5 !(or whatever range you like)
 transport input telnet
 transport input ssh
Telnet uses TCP port 23 and SSH uses TCP port 22, so if you use access-lists you need to open the ports.
You need to enable some form of login credential checking, or connections will not be allowed.
SSH config notes:
Tips on Telnet Configuration:
There are two options:
1) If you want to RESTRICT PACKETS at the router, you can use access-list + access-group on the interfaces.
2) If you want to RESTRICT CONNECTIONS you can use access-list and access-class on the vtys
If you are just trying to limit which IP addresses are allowed to connect, (2) is the best practice. If you have greater paranoia and don't even want to see connection attempts reach the OS from disallowed IP addresses, (1) is the way to go, but is not the best practice.
You may want to read http://articles.techrepublic.com.com/5100-10878_11-1052538.html.
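The two options described above, side by side, as an added configuration sketch that is not part of the original thread. The management subnet 192.0.2.0/24, the router's WAN address 203.0.113.1, the interface name, the vty range and the ACL numbers 10 and 110 are all assumptions chosen for illustration, and a local user is assumed to exist already for "login local".

```cisco
! Option 2 (connection-level): access-list + access-class on the vtys.
! Applies to every incoming transport on these lines (SSH and Telnet alike).
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any log
!
line vty 0 4
 access-class 10 in
 ! SSH only; Telnet sends credentials in clear text
 transport input ssh
 ! Some form of login check must be enabled or connections are refused
 login local
!
! Option 1 (packet-level): access-list + access-group on the interface.
! Disallowed sources are dropped before they reach the vty at all.
! Only traffic addressed to 203.0.113.1 is filtered here; other router
! addresses reachable through this interface need their own entries.
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 203.0.113.1 eq 22
access-list 110 deny   tcp any host 203.0.113.1 eq 22 log
access-list 110 deny   tcp any host 203.0.113.1 eq 23 log
access-list 110 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 110 in
```

The "log" keyword on the deny entries records refused attempts, which makes it easy to confirm from the router's log which of the two filters is rejecting a given source address.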
When you use the access-class command, it applies to all incoming transports, including SSH and telnet.
Maybe you want to share the relevant portions of your configuration? It sounds like you are saying you have set up something (what?) and now cannot connect with SSH or telnet. Can you connect if there are no restrictions set up at all?
You may want to post a detailed description in French or Dutch (Flemish?) and see if we can use Google Translate or Babel Fish to understand the detail.
So, the goal is to connect to the router using the SSH protocol, right?
1) Can you connect with SSH at all?
2) Are you trying to connect on the LAN side or the WAN side?
3) What happens when you try to connect?
4) What do you want to happen?
1) Yes, SSH works
2) I am trying SSH from the WAN side
3) I want to be able to log in to the router remotely, with both SSH and telnet
4) I want to work on the router from another network
OK, got it. You want to ALLOW remote connection from SSH and/or telnet.
Right now, your configuration is using NAT and zone-based firewall (ZBFW).
Are you using SDM or CCP to configure the device?
The configuration seems correct, but I am not a ZBFW expert.
Looking at https://supportforums.cisco.com/thread/2012714, it seems like you may need to allow SSH and telnet in the "source self destination out-zone" path:
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
Your self to out path doesn't allow SSH and telnet.
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
 class type inspect ccp-icmp-access
WARNING: this is just a guess. Ask over in the Firewall group.