[c-nsp] vty access-list

C and C Dominte domintefamily at yahoo.co.uk
Thu Sep 13 09:23:09 EDT 2007


Hi,

I am trying to filter SSH access to a router from outside by source and destination IP address. To be more clear, the source of the SSH access is the outside /24 network x.x.x.x, and the destination SSH IP is one of the router's IPs. I want to be able to cut SSH listening on all the IPs of the router interfaces and allow it only on one IP.

The problem is that if the access list looks like:
access-list 199 permit tcp x.x.x.x 0.0.0.255 y.y.y.y 0.0.0.0 eq 22
it blocks SSH access for all IPs, including y.y.y.y.

If the access list applied to the vty lines is:
access-list 199 permit tcp x.x.x.x 0.0.0.255 any eq 22
it permits SSH access to all IPs residing on the router.

Is this normal IOS behavior, to block access to all the IPs, including the one that is supposed to be allowed?

Thanks,

Catalin
