
Securing router with ACL

I need to secure my routers by only allowing certain hosts on my internal network to access. I use SSH. I have tried using ACLs but the connection is refused when I set line vty 0 4 to use the access-class # in command.

Can someone be so kind to show me the errors I am making? These are all external facing routers with external IPs. I am NAT'd behind a firewall.

Example:


access-list 101 permit tcp host myinternalipaddress host myexternalipaddress eq 22
access-list 101 permit tcp host myinternalipaddress host myexternalipaddress eq 22
access-list 101 permit tcp host myinternalipaddress host myexternalipaddress eq 22
access-list 101 permit tcp host myinternalipaddress host myexternalipaddress eq 22
access-list 101 permit tcp host myinternalipaddress host myexternalipaddress eq 22
!
interface FastEthernet0/0
 ip address myexternalipaddress 255.255.255.248
 no ip redirects
 no ip unreachables
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 ip unnumbered FastEthernet0/0
 no arp frame-relay
 frame-relay interface-dlci 500
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
!
line vty 0 4
 session-timeout 30
 login local
 access-class 101 in
 transport input ssh
 transport output none
!

Thanks in advance for your assistance.

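
The post says the admin hosts are NAT'd behind a firewall, while ACL 101 matches on their internal addresses; a router outside that firewall receives the translated source address instead. The configuration below is an added example, not part of the original post: a standard (source-only) ACL for the VTY lines, where 203.0.113.10 is a constructed placeholder for the firewall's translated address and ACL number 10 is an arbitrary choice.

```cisco
! Added example. 203.0.113.10 is a constructed placeholder for the address
! the firewall translates the internal admin hosts to (assumption).
!
! Standard ACL: matches on source address only.
access-list 10 remark SSH management sources as seen after NAT
access-list 10 permit host 203.0.113.10
! Make the implicit deny explicit and log it, so refused attempts
! show the source address the router actually received.
access-list 10 deny any log
!
line vty 0 4
 session-timeout 30
 login local
 access-class 10 in
 transport input ssh
 transport output none
!
! Checks from privileged EXEC after a connection attempt:
!   show access-lists 10     (per-entry match counters)
!   show logging             (source address of denied attempts)
```

If the hosts are translated to more than one address, each translated address needs its own permit entry ahead of the deny.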