nmxsupport
asked on
Configure Cisco Router 87x for SDM remote access
Hello
Can someone put me in the right direction to allow a Cisco 877/878 router to be managed externally through the SDM utility. I want to set this up using the SDM utility rather than directly into the IOS.
For security purposes this will only be allowed for a specific IP address.
Thanks
Can someone put me in the right direction to allow a Cisco 877/878 router to be managed externally through the SDM utility. I want to set this up using the SDM utility rather than directly into the IOS.
For security purposes this will only be allowed for a specific IP address.
Thanks
ip http server
ip http secure-server
ip http access-class 23
access-list 23 permit ip x.x.x.x
By default access is blocked to only the 10.10.10.x network, by either modifying ACL23 or removing the access-class statement altogether you will allow HTTPS from any interface. If you have applied an ACL on inbound connections make sure you specify access to the router IP itself for https, ssh, etc.
OTOH if you used the SDM to set it up initially, you will need to go through it line by line to figure out it it is blocking https access to the router.
ip http secure-server
ip http access-class 23
access-list 23 permit ip x.x.x.x
By default access is blocked to only the 10.10.10.x network, by either modifying ACL23 or removing the access-class statement altogether you will allow HTTPS from any interface. If you have applied an ACL on inbound connections make sure you specify access to the router IP itself for https, ssh, etc.
OTOH if you used the SDM to set it up initially, you will need to go through it line by line to figure out it it is blocking https access to the router.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
wingatesl> do I also need to setup a NAT rule which translates 443 to the router LAN address?
Negative, the access is to the router which is assigned the address. NAT is not required
heh you can tell I dont use the SDM. I can usually get these setup and working within 5 minutes of entering conf t. :)
ASKER
Yes all is fine now, one of the problems was trying to NAT 443 through to the internal interface of the router rather than managing it from the externl interface.
I really don't use the SDM, but I have to support 10 techs in the field that do.
When taking the tests for the CCSP it is a must know item using the SDM and ASDM, no more CLI sims in them. I still prefer CLI though over the ASDM/SDM except when it comes to modifying the ACLs.
ACLs and the zone based firewall
I havent had the pleasure of creating a ZBF yet, but in sims it is much easier in the SDM than CLI. Which now has me thinking I may try to get an ASA 5520 for our colo and utilize the ZBF and see if it can resolve a problem I encountered with addressing. Workarounds are OK, but nothing beats having it working correctly in the first place.
ASKER