01-23-2009 04:03 PM - edited 03-04-2019 12:57 AM
What are the configs to only allow specific hosts to remotely manage the router using a)https and b)SSH?
Thanks.
Solved! Go to Solution.
01-23-2009 05:13 PM
Said,
You can use access lists to the appropriate lines.
For HTTPS
access-list 1 remark permit HTTPS Management
access-list 1 permit 192.168.1.50
access-list 1 permit 192.168.1.99
access-list 1 permit 192.168.1.250
access-list 1 deny any
ip http secure-server access-class 1
For SSH
access-list 2 remark permit SSH Management
access-list 2 192.168.1.100
access-list 2 192.168.1.101
access-list 2 192.168.1.105
access-list 2 deny any
line vty 0 15
access class 2 in
transport input ssh
Just replace the example IP addresses with the ones you wish to permit
HTH,
Mark
01-23-2009 05:13 PM
Said,
You can use access lists to the appropriate lines.
For HTTPS
access-list 1 remark permit HTTPS Management
access-list 1 permit 192.168.1.50
access-list 1 permit 192.168.1.99
access-list 1 permit 192.168.1.250
access-list 1 deny any
ip http secure-server access-class 1
For SSH
access-list 2 remark permit SSH Management
access-list 2 192.168.1.100
access-list 2 192.168.1.101
access-list 2 192.168.1.105
access-list 2 deny any
line vty 0 15
access class 2 in
transport input ssh
Just replace the example IP addresses with the ones you wish to permit
HTH,
Mark
01-23-2009 05:27 PM
Mark,
Thank you. Do you know the config for ASA firewall to allow HTTPS and SSH access by specific IPs management access to the firewall?
01-23-2009 05:45 PM
For the asa the syntax is quite a bit different. Here are examples for configuring SSH and ASDM access.
SSH:
ssh 10.10.1.0 255.255.255.0 inside
ssh 10.10.2.55 255.255.255.255 inside
ssh 1.2.3.4 255.255.255.255 outside
ASDM
http 10.10.1.0 255.255.255.0 inside
http 10.10.2.55 255.255.255.255 inside
http 1.2.3.4 255.255.255.255 outside
management-access inside
and for outside management
management-access outside
Note: Don't forget to permit outside management in your ACL's.
HTH,
Mark
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: