Internet zone device- Secure access

Hi all,

What is the recommended method to secure access to Internet zone devices (router/switch) with public IPs? SSH is enabled for access via the Internet and is configured as the transport for line vty with a firm-owned public IP ACL; even then the switch/router responds to telnet with switch/router > via the Internet.

Test-INTR1#
!
line vty 0 4
 ! ACL 23: firm-owned public IPs
 access-class 23 in
 exec-timeout 20 0
 login local
 transport input ssh
line vty 5 15
 no login
!
interface Vlan30
 ip address 20.20.20.1 255.255.255.248
!

Now from Internet (not from Firm IPs) with telnet test:

Test-INTR1> 

What is the procedure, so that it will not give any prompt from outside/firm owned public IPs..?

TIA

MS

Accepted Solutions
Re: Internet zone device- Secure access

Hi MS,

Removing the unused vty lines should solve your problem.

no line vty 5 15

Regards,

Tim

Re: Internet zone device- Secure access

Disadvantages of publishing network devices to the Internet

  1. Waste of IP addresses
  2. Exposing network devices to possible attacks, which may cause denial of service
  3. If your system (laptop / desktop) is affected, it may share keystroke information with an attacker.

Hence, it's better to establish a remote-VPN solution for accessing and managing remote devices through the Internet.

Re: Internet zone device- Secure access

Hi Tim,

I resolved the issue this morning and was about to update the post in a few. But thank you for your reply. I used 'transport input none' for vty 5 15. Your resolution is better though ;-).

Thanks

MS
