Solved

How to permit uses of SSH/Telnet from the Internet on router 1811?

Posted on 2009-03-29
Last Modified: 2012-05-06
This is using router 1811 for firewall, DMVPN, and of course ACL. My co-worker told me that she managed to use telnet/ssh in the internal network. But, when she tried to use ssh/telnet thru the Internet, access denied.

How to permit her to use SSH/telnet thru Internet - although I know there might be a security breach out there.
Question by:Balack
LVL 8

Expert Comment

by:Sniper98G
ID: 24014652
You have to allow ports 22 and 23 "from outside to self" in your firewall configuration, and you will need to add entries to your telnet/ssh access lists that permit access from wherever you are connecting from.

Author Comment

by:Balack
ID: 24015335
Hi Sniper98G,

Can you show me the commands?
LVL 8

Accepted Solution

by:
Sniper98G earned 2000 total points
ID: 24024993
The commands below will allow telnet and SSH through your firewall and add an ACL entry into your telnet ACL. However, if you are not very familiar with programming router firewalls in command line I would recommend using the SDM to configure your firewall. You could irreparably damage your working firewall config if this is done incorrectly, and the variables I used may not be correct in your configuration. At the very least back up your current config to a text document before trying any of this.

Insert the network you want to allow access in place of <network>


Firewall:

ip access-list extended R_Man
 permit ip <network> 0.0.0.255 any

class-map type inspect match-any Remote_M
 match protocol telnet
 match protocol ssh

class-map type inspect match-all permit_class
 match class-map Remote_M
 match access-group name R_Man

policy-map type inspect permit_R
 class type inspect permit_class
  pass
 class class-default
  drop

zone-pair security out_to_self source out-zone destination self
 service-policy type inspect permit_R



Telnet ACL:

Access-List <your telnet ACL number> permit <network> 0.0.0.255
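An SSH-only variant of the configuration above, added here as an example and not part of Sniper98G's answer: it narrows the firewall ACL to TCP port 22, drops Telnet from the class map, and shows the vty lines that the numbered ACL is applied to. The vty range 0 4 and the use of local user accounts are assumptions; the zone, class-map and policy-map names and the <network> and <your telnet ACL number> placeholders are the ones used above, and SSH is assumed to be already enabled on the router, as it works from the internal network.

```cisco
! Added example, not from the original answer. Replace the <...> placeholders.
!
! Firewall: only SSH (TCP/22) from the permitted network reaches the router.
ip access-list extended R_Man
 permit tcp <network> 0.0.0.255 any eq 22
!
class-map type inspect match-any Remote_M
 match protocol ssh
!
class-map type inspect match-all permit_class
 match class-map Remote_M
 match access-group name R_Man
!
policy-map type inspect permit_R
 class type inspect permit_class
  pass
 class class-default
  drop
!
zone-pair security out_to_self source out-zone destination self
 service-policy type inspect permit_R
!
! Management plane: SSHv2 only, vty access limited to the same network.
ip ssh version 2
access-list <your telnet ACL number> permit <network> 0.0.0.255
!
! Assumption: vty lines 0 4 and local usernames are in use.
line vty 0 4
 access-class <your telnet ACL number> in
 transport input ssh
 login local
end
!
! Verification (exec mode): confirm the policy is attached and counters move.
show zone-pair security
show policy-map type inspect zone-pair out_to_self
show access-lists R_Man
show ip ssh
```

Because class-default drops everything else addressed to the router from out-zone, any other traffic the router must accept from outside (the question mentions DMVPN) needs its own permitted class in this policy before it is applied.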