Solved

How to permit uses of SSH/Telnet from the Internet on router 1811?

Posted on 2009-03-29
3
221 Views
Last Modified: 2012-05-06
This is using router 1811 for firewall, dmvpn, and off course acl. My co-worker told me that she managed to use telnet/ssh in the internal network. But, when she tried to use ssh/telent thru the Internet, access denied.

How to permit her to use SSH/telnet thru Internet - although I know there might be a security breach out there.
0
Comment
Question by:Balack
  • 2
3 Comments
 
LVL 8

Expert Comment

by:Sniper98G
ID: 24014652
you have to allow ports 22 and 23 "from outside to self" in your firewall configuration and you will need to add entries to your telnet/ssh access lists that permit access from wherever you are connecting from.
0
 

Author Comment

by:Balack
ID: 24015335
Hi Sniper98G,

Can you show me the commands?
0
 
LVL 8

Accepted Solution

by:
Sniper98G earned 500 total points
ID: 24024993
The commands below will allow telnet and SSH through your firewall and add an ACL entry into your telnet ACL. However if you are not very familiar with programing router firewalls in command line I would recommend using the SDM to configure your firewall. You could irrepribly damage your working firewall config if this is done incoreclty and the variables I used may not be correct in your configuation. At the very least back up your current config to a text document before trying any of this.






Insert the network you want to allow access in place of <network>


Firewall:

ip access-list extended R_Man
 permit ip <network> 0.0.0.255 any

class-map type inspect match-any Remote_M
 match protocol telnet
 match protocol ssh

class-map type inspect match-all permit_class
 match class-map Remote_M
 match access-group name R_Man

policy-map type inspect permit_R
 class type inspect permit_class
  pass
 class class-default
  drop

zone-pair security out_to_self source out-zone destination self
 service-policy type inspect permit_R



Telnet ACL:

Access-List <your telnet ACL number> permit <network> 0.0.0.255
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PORT NUMBER FOR FIOS ROUTER 5 55
How to set DHCPv6 options on a Sonicwall? 13 157
using BGP Attributes 2 89
snmp-server enable traps gdoi ks-rekey-pushed 3 19
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question