Solved

How to permit uses of SSH/Telnet from the Internet on router 1811?

Posted on 2009-03-29
Last Modified: 2012-05-06
This is using router 1811 for firewall, DMVPN, and of course ACL. My co-worker told me that she managed to use telnet/ssh in the internal network. But when she tried to use ssh/telnet through the Internet, access was denied.

How to permit her to use SSH/telnet thru Internet - although I know there might be a security breach out there.
0
Question by:Balack
LVL 8

Expert Comment

by:Sniper98G
ID: 24014652
You have to allow ports 22 and 23 "from outside to self" in your firewall configuration, and you will need to add entries to your telnet/ssh access lists that permit access from wherever you are connecting from.
0
 

Author Comment

by:Balack
ID: 24015335
Hi Sniper98G,

Can you show me the commands?
0
 
LVL 8

Accepted Solution

by:
Sniper98G earned 500 total points
ID: 24024993
The commands below will allow telnet and SSH through your firewall and add an ACL entry into your telnet ACL. However, if you are not very familiar with programming router firewalls in command line, I would recommend using the SDM to configure your firewall. You could irreparably damage your working firewall config if this is done incorrectly, and the variables I used may not be correct in your configuration. At the very least, back up your current config to a text document before trying any of this.

Insert the network you want to allow access in place of <network>


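Firewall:

! Source network allowed to manage the router
ip access-list extended R_Man
 permit ip <network> 0.0.0.255 any

! Match Telnet or SSH
class-map type inspect match-any Remote_M
 match protocol telnet
 match protocol ssh

! Match only when both the protocol and the source ACL match
class-map type inspect match-all permit_class
 match class-map Remote_M
 match access-group name R_Man

! Pass the matching traffic, drop everything else sent to the router
policy-map type inspect permit_R
 class type inspect permit_class
  pass
 class class-default
  drop

! Apply the policy to traffic from the outside zone to the router itself
zone-pair security out_to_self source out-zone destination self
 service-policy type inspect permit_R

Telnet ACL:

! Add the same source network to the ACL that restricts Telnet/SSH logins
Access-List <your telnet ACL number> permit <network> 0.0.0.255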
0
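
A narrower variant of the accepted answer, as an added example that is not part of the original thread: it admits SSH only (Telnet sends credentials in clear text), keeps the DMVPN control and tunnel protocols reachable, since `class class-default` / `drop` on the outside-to-self pair would otherwise discard them, and binds the same source restriction to the VTY lines. Assumptions: the zone name `out-zone` and the names `R_Man`, `Remote_M`, `permit_class`, `permit_R` come from the answer above; `VPN_to_self`, `vpn_class`, ACL number 23 and `line vty 0 4` are hypothetical placeholders, and no self-to-outside zone pair exists, so the router's replies are not filtered.

```ios
! --- Added example: SSH-only management from one outside network ---
! Limit the management ACL to TCP/22 instead of "permit ip"
ip access-list extended R_Man
 permit tcp <network> 0.0.0.255 any eq 22

! SSH only; Telnet is no longer matched
class-map type inspect match-any Remote_M
 match protocol ssh

class-map type inspect match-all permit_class
 match class-map Remote_M
 match access-group name R_Man

! DMVPN traffic addressed to the router (hypothetical names)
ip access-list extended VPN_to_self
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 permit gre any any

class-map type inspect match-any vpn_class
 match access-group name VPN_to_self

! Pass SSH from the allowed network and the tunnel protocols,
! drop everything else sent to the router from outside
policy-map type inspect permit_R
 class type inspect permit_class
  pass
 class type inspect vpn_class
  pass
 class class-default
  drop

zone-pair security out_to_self source out-zone destination self
 service-policy type inspect permit_R

! VTY lines: SSH v2 only, same source restriction (ACL 23 is a placeholder)
ip ssh version 2
access-list 23 permit <network> 0.0.0.255
line vty 0 4
 access-class 23 in
 transport input ssh
```

After applying it, `show policy-map type inspect zone-pair out_to_self` shows per-class packet counters, which confirms whether SSH and tunnel traffic hit the intended classes rather than `class-default`.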
