allow ssh only on outside interface, but telnet on inside interface of router

Discussion in 'Cisco' started by no-one, Jul 28, 2004.

  1. no-one

    no-one Guest

    All,

    I'm trying to figure out a way to allow telnet and ssh on the inside
    interface, but only ssh on the outside interface for a dual ethernet
    router.

    I was hoping I could build an access class like:

    access-list 159 permit tcp any host 192.168.1.103 eq 22 log-input
    access-list 159 permit tcp any host 192.168.0.4 eq telnet log-input
    access-list 159 deny ip any any log-input

    192.168.1.103 is the outside.
    192.168.0.4 is the inside.

    This doesn't work though. Checking the logs, I see that the router uses
    0.0.0.0 for itself instead of the real IP address.

    00:44:05: %SEC-6-IPACCESSLOGP: list 159 denied tcp 192.168.1.101(1665) -> 0.0.0.0(22), 1 packets

    Does anyone know a way to get this to work?

    Thanks in advance
    Sean
     
    no-one, Jul 28, 2004
    #1
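
The denial in the posted log line can be reproduced by running the posted list 159 through a first-match evaluator. This Python sketch is an added example, not part of the original post and not Cisco code; the function names and the small subset of ACL syntax it parses are assumptions made for illustration.

```python
import re

# Added example (illustrative names). The ACL exactly as posted in the thread.
ACL_159 = """\
access-list 159 permit tcp any host 192.168.1.103 eq 22 log-input
access-list 159 permit tcp any host 192.168.0.4 eq telnet log-input
access-list 159 deny ip any any log-input
"""
# The log line as posted, joined onto one line.
LOG = ("00:44:05: %SEC-6-IPACCESSLOGP: list 159 denied tcp 192.168.1.101(1665) "
       "-> 0.0.0.0(22), 1 packets")

PORTS = {"telnet": 23}  # IOS port keyword -> number

ACE_RE = re.compile(r"access-list (\d+) (permit|deny) (\w+) any "
                    r"(?:host (\S+)|any)(?: eq (\S+))?")
LOG_RE = re.compile(r"list (\d+) (permitted|denied) (\w+) "
                    r"(\S+)\((\d+)\) -> (\S+)\((\d+)\)")

def parse_acl(text):
    """Parse only the ACE forms used in the post (source is always 'any')."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        _, action, proto, dst, port = m.groups()
        if port is not None:
            port = PORTS.get(port) or int(port)
        aces.append((action, proto, dst, port))
    return aces

def evaluate(aces, proto, dst, dport):
    """First-match evaluation; returns (1-based ACE index, action)."""
    for i, (action, a_proto, a_dst, a_port) in enumerate(aces, 1):
        if a_proto not in ("ip", proto):
            continue
        if a_dst is not None and a_dst != dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return i, action
    return None, "deny"  # implicit deny at the end of every ACL

def parse_log(line):
    m = LOG_RE.search(line)
    _, verdict, proto, src, sport, dst, dport = m.groups()
    return verdict, proto, src, int(sport), dst, int(dport)
```

Feeding the logged destination `0.0.0.0` and port 22 to `evaluate` falls through both `host` entries to the third line, matching the `denied` verdict in the log, while the same port with destination `192.168.1.103` matches the first entry.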