[j-nsp] Disable telnet/ssh access from virtual routers
Victor Sudakov
vas at mpeks.tomsk.su
Wed Jul 15 12:11:42 EDT 2015
Colleagues,
I have customers' networks connected to routing-instances of type
"virtual-router." These routing-instances are supposed to be isolated
and use their own address space.
However, a customer can telnet/ssh from their network to the
virtual-router's IP address effectively telnetting to the main device.
Is there an elegant way to prevent this from happening, i.e. to permit
telnet/ssh access from hosts in the inet.0 table but deny from hosts
from the CUSTOMERXX.inet.0 table?
Thanks in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the juniper-nsp
mailing list