
How to limit remote management access to 2800 router?

What are the configs to only allow specific hosts to remotely manage the router using a) HTTPS and b) SSH?

Thanks.

Accepted Solutions

Re: How to limit remote management access to 2800 router?

Said,

You can apply access lists to the appropriate lines.

For HTTPS

access-list 1 remark permit HTTPS Management

access-list 1 permit 192.168.1.50

access-list 1 permit 192.168.1.99

access-list 1 permit 192.168.1.250

access-list 1 deny any

ip http secure-server

ip http access-class 1

For SSH

access-list 2 remark permit SSH Management

access-list 2 permit 192.168.1.100

access-list 2 permit 192.168.1.101

access-list 2 permit 192.168.1.105

access-list 2 deny any

line vty 0 15

access-class 2 in

transport input ssh

Just replace the example IP addresses with the ones you wish to permit

HTH,

Mark
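
An offline check of a saved running-config for the two restrictions in the answer above, as an added example that is not part of the original post. The sample config, the `audit` function name and the finding strings are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread): HTTPS has no ACL,
# and vty 5-15 was left unrestricted with Telnet still allowed.
SAMPLE = """\
access-list 1 permit 192.168.1.50
access-list 1 deny any
access-list 2 permit 192.168.1.100
access-list 2 deny any
ip http secure-server
line vty 0 4
 access-class 2 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config):
    """Return findings for HTTP(S) and vty access that is not ACL-restricted."""
    findings, vty, current = [], {}, None
    # Standard ACL numbers that have at least one permit/deny entry.
    defined = set(re.findall(r"^access-list (\d+) (?:permit|deny) ", config, re.M))
    for line in config.splitlines():
        if line.startswith("line "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                vty[current] = []
        elif line.startswith(" ") and current:
            vty[current].append(line.strip())   # sub-command of the vty block
        elif line.strip():
            current = None                      # any other top-level line ends it
    if re.search(r"^ip http (secure-)?server$", config, re.M):
        m = re.search(r"^ip http access-class (?:ipv4 )?(\d+)$", config, re.M)
        if not m:
            findings.append("http: server enabled without 'ip http access-class'")
        elif m.group(1) not in defined:
            findings.append(f"http: ACL {m.group(1)} has no permit/deny entries")
    for name, cmds in vty.items():
        acl = next((c.split()[1] for c in cmds
                    if re.fullmatch(r"access-class \d+ in", c)), None)
        if acl is None:
            findings.append(f"{name}: no inbound access-class")
        elif acl not in defined:
            findings.append(f"{name}: ACL {acl} has no permit/deny entries")
        if "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input is not SSH-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Checking every `line vty` block separately matters because a router can carry more than one vty range, and a range left without an `access-class` still accepts logins from any source.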

3 REPLIES


Re: How to limit remote management access to 2800 router?

Mark,

Thank you. Do you know the config for an ASA firewall to allow HTTPS and SSH management access to the firewall by specific IPs?

Re: How to limit remote management access to 2800 router?

For the ASA, the syntax is quite a bit different. Here are examples for configuring SSH and ASDM access.

SSH:

ssh 10.10.1.0 255.255.255.0 inside

ssh 10.10.2.55 255.255.255.255 inside

ssh 1.2.3.4 255.255.255.255 outside

ASDM

http 10.10.1.0 255.255.255.0 inside

http 10.10.2.55 255.255.255.255 inside

http 1.2.3.4 255.255.255.255 outside

management-access inside

and for outside management

management-access outside

Note: Don't forget to permit outside management in your ACLs.

HTH,

Mark
