[c-nsp] One Entry Point into Cisco network.

Ziv Leyes zivl at gilat.net
Thu Dec 16 09:46:47 EST 2010


Here's my suggestion:

no access-list 111

! If you want access only from your PC, then

access-list 11 permit 192.168.20.1

! Or, if you want access from all the network your PC is on, then

access-list 11 permit 192.168.20.0 0.0.0.255

!and at the end:
!
line vty 0 4
access-class 11 in
!

In this case, you don't need to deny anything; only put in what you want to allow. The deny is an implied rule.

Good luck!

Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oleg Gnedykh
Sent: Thursday, December 16, 2010 3:26 PM
To: cisco-nsp-request at puck.nether.net
Subject: [c-nsp] One Entry Point into Cisco network.

Hi Guys!

I want to create a network with one entry point.
AFAIK it's a best practice for network design.
For example, it may be some router with a Loopback interface.
I've created Loop0 and an ACL, and attached it to "line vty":

 interface Loopback10
 description ### Manage ###
 ip address 192.168.1.1 255.255.255.255

 access-list 111 permit ip any host 192.168.1.1 log
 access-list 111 deny ip any any log

 line vty 0 4
 access-class 111 in


And as a result I get connection refused:

%SEC-6-IPACCESSLOGP: list 111 denied tcp 192.168.20.1(2683) -> 0.0.0.0(23), 1 packet

192.168.20.1 is the local address of my PC.

What can I do???

With best regards, Oleg.


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
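
An added example (not part of the original thread): a small Python model of first-match ACL evaluation with wildcard masks and the implied final deny, run against the packet exactly as the log above reports it (source 192.168.20.1, destination 0.0.0.0). It shows why list 111 denies that session and list 11 permits it; the parser is an assumption that handles only the entry forms seen in this thread and ignores the protocol field, and 10.0.0.5 is a constructed sample address.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base 0.0.0.0 with wildcard 255.255.255.255

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):
    """Consume one address spec: 'any', 'host A', 'A WILDCARD' or a bare 'A'."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    if len(tok) > 1 and tok[1][0].isdigit():
        return (_ip(tok[0]), _ip(tok[1])), tok[2:]
    return (_ip(tok[0]), 0), tok[1:]

def parse_acls(config):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        num, action, rest = int(t[1]), t[2], t[3:]
        if 100 <= num <= 199:            # extended: protocol, source, destination
            src, rest = _spec(rest[1:])  # protocol field skipped (simplification)
            dst, rest = _spec(rest)
        else:                            # standard: source only
            src, dst = _spec(rest)[0], ANY
        acls.setdefault(num, []).append((action, src, dst))
    return acls

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF            # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    for action, s, d in entries:         # first matching entry wins
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"                        # implied deny at the end of every list

ORIGINAL = ("access-list 111 permit ip any host 192.168.1.1 log\n"
            "access-list 111 deny ip any any log")
SUGGESTED = "access-list 11 permit 192.168.20.0 0.0.0.255"
LOGGED = ("192.168.20.1", "0.0.0.0")     # source and destination as logged

def demo():
    return {"list 111": evaluate(parse_acls(ORIGINAL)[111], *LOGGED),
            "list 11": evaluate(parse_acls(SUGGESTED)[11], *LOGGED),
            "list 11, other source": evaluate(parse_acls(SUGGESTED)[11], "10.0.0.5", "0.0.0.0")}
```
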



