[c-nsp] One Entry Point into Cisco network.
Oleg Gnedykh
olegug at narod.ru
Fri Dec 17 06:27:10 EST 2010
Hi Guys!
Thank you very much for your answers.
But I really wanted to enter the network from ANY address and
ONLY to a definite access point. It is necessary because of different causes.
I have a router with several hundred IP interfaces which differ from time to time.
Of course, I am able to attach an ACL to all interfaces, but instead of this I want to
assign ONLY ONE IP interface for access to my network.
And after that, I'll be able to control and guard only ONE interface.
PS: Of course, the "access-list 111 deny ip any any log" is needed only for
logging and traps.
------------Quote-----------
> I want to create a network with one entry point.
> AFAIK it's a best practice for network design.
> For example, it may be some router with a Loopback interface.
> I've created Loop0, an ACL and attached it to "line vty"
> interface Loopback10
> description ### Manage ###
> ip address 192.168.1.1 255.255.255.255
> access-list 111 permit ip any host 192.168.1.1 log
> access-list 111 deny ip any any log
> line vty 0 4
> access-class 111 in
> And as a result I have connection refused
> %SEC-6-IPACCESSLOGP: list 111 denied tcp 192.168.20.1(2683) -> 0.0.0.0(23), 1 packet
> 192.168.20.1 is the local address of my PC.
> What can I do???
------------Quote-----------
With best regards, Oleg.
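
Added example, not part of the original post: a Python sketch that parses the quoted %SEC-6-IPACCESSLOGP line and evaluates the quoted ACL 111 against the addresses it logged. It shows that the destination recorded for the vty check was 0.0.0.0, so the "host 192.168.1.1" entry could not match and the explicit deny did. The function names are assumptions made for illustration, and the evaluation is a simplified first-match model on source and destination addresses only.

```python
import ipaddress
import re

# ACL 111 as quoted in the post: (action, source spec, destination spec).
ACL_111 = [
    ("permit", "any", "host 192.168.1.1"),
    ("deny", "any", "any"),
]

# Log line as quoted in the post.
LOG_LINE = ("%SEC-6-IPACCESSLOGP: list 111 denied tcp "
            "192.168.20.1(2683) -> 0.0.0.0(23), 1 packet")

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_log(line):
    """Split an IPACCESSLOGP message into its named fields."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an IPACCESSLOGP line")
    return m.groupdict()

def addr_matches(spec, addr):
    """Match 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (wildcard mask)."""
    ip = int(ipaddress.IPv4Address(addr))
    parts = spec.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        return ip == int(ipaddress.IPv4Address(parts[1]))
    base, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    care = ~wild & 0xFFFFFFFF  # bits set in the wildcard are "don't care"
    return (ip & care) == (base & care)

def first_match(acl, src, dst):
    """Return (entry number, action) of the first entry matching src/dst."""
    for index, (action, s, d) in enumerate(acl, start=1):
        if addr_matches(s, src) and addr_matches(d, dst):
            return index, action
    return None, "deny"  # implicit deny at the end of every ACL

def explain(line, acl):
    """Evaluate the ACL against the addresses recorded in a log line."""
    fields = parse_log(line)
    return first_match(acl, fields["src"], fields["dst"])

if __name__ == "__main__":
    print(parse_log(LOG_LINE))
    print("matched entry:", explain(LOG_LINE, ACL_111))
```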