Basic ACL giving me trouble - 2620 router block SSH from outside

We have an old 2620 router that acts as an Internet router at one of our sites. Currently it only accepts SSH connections. We want to block SSH from the outside, and only allow management from inside the network. I have tried an ACL that denies SSH and permits TCP any on the inbound serial interface, but it stops all traffic.

How can I limit mgmt of the router to only internal?

Thanks,

Andy

1 REPLY

Re: Basic ACL giving me trouble - 2620 router block SSH from out

This ACL should not go on an interface. This ACL should be installed on the VTY lines.

For example, if you only want to allow SSH access from 10.10.10.0/24, try the following. This applies to all VTY access; for instance, if you also allow Telnet, it would also apply to that as well.

access-list 82 remark *** Protect VTY ***
access-list 82 permit 10.10.10.0 0.0.0.255

line vty 0 4
access-class 82 in
exit


Chris
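
An added example, not part of the reply above and not Cisco tooling: a small Python audit that reads a saved configuration, finds the inbound access-class on each VTY range, and evaluates the referenced ACL (wildcard mask, first match wins, implicit deny) against test source addresses. The sample config, the extra vty 5 15 range, the test addresses and all function names are constructed for illustration; it assumes the text contains only numbered standard ACLs and that every referenced ACL is defined.

```python
import ipaddress
import re

# Constructed sample: the reply's ACL 82 on vty 0 4, plus a second VTY range
# (5 15) left without an access-class, to show what the audit reports for it.
SAMPLE_CONFIG = """\
access-list 82 remark *** Protect VTY ***
access-list 82 permit 10.10.10.0 0.0.0.255
line vty 0 4
 access-class 82 in
line vty 5 15
 transport input ssh
"""

def parse_standard_acls(config):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]}."""
    pat = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: ([\d.]+))?", re.M)
    acls = {}
    for num, action, addr, wild in pat.findall(config):
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif addr == "host":
            addr, wild = wild, "0.0.0.0"
        pair = (addr, wild or "0.0.0.0")  # no wildcard given means exact host
        entry = (action, *(int(ipaddress.IPv4Address(x)) for x in pair))
        acls.setdefault(int(num), []).append(entry)
    return acls

def acl_permits(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def vty_access_classes(config):
    """Return {(first, last): inbound ACL number or None} per 'line vty' block."""
    result = {}
    for m in re.finditer(r"^line vty (\d+)(?: (\d+))?\n((?: .*\n?)*)", config, re.M):
        acl = re.search(r"^ access-class (\d+) in", m.group(3), re.M)
        first, last = int(m.group(1)), int(m.group(2) or m.group(1))
        result[(first, last)] = int(acl.group(1)) if acl else None
    return result

def audit(config, sources):
    """Per VTY range, which sources may connect; no access-class allows all."""
    acls = parse_standard_acls(config)
    return {rng: {s: acl is None or acl_permits(acls[acl], s) for s in sources}
            for rng, acl in vty_access_classes(config).items()}
```

Calling `audit(SAMPLE_CONFIG, ["10.10.10.25", "203.0.113.7"])` shows the outside address refused on vty 0 4 but accepted on vty 5 15. A VTY range that reports True for an outside address has no source restriction, which is the case to look for when the ACL was applied to only some of the lines.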
