Re: CISCO FW IOS with allowing SSH to it from outside

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Tue Feb 13 2001 - 15:28:31 GMT-3

• Next message: Adrian Chew: "Re: PPP over Ethernet"
• Previous message: Murphy, Brian J SSI-ISET-31: "RE: tclsh"
• Maybe in reply to: Sam Munzani: "CISCO FW IOS with allowing SSH to it from outside"
• Next in thread: NoOne Important: "Re: CISCO FW IOS with allowing SSH to it from outside"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
You are right. xxx.xxx.xxx.xxx is my ethernet ip addr. The funny thing is,
Nothing is captured in log file. If I try to ping any internal host form
outside, that gets logged but not my telnet or SSH attempts.

Sam

> xxxxxxxxxx i assume is your ethernet address? if so, i
> dun really see what's wrong maybe check typos check to see if there's any
> access-group define under vty...check routing...etc see if there is any
> other access-list block the traffic before it even get there
> turn on loggin console and see what happen when telnet or ssh to the
> router....
>
>
>
>
>
> >From: "Sam Munzani" <sam@munzani.com>
> >Reply-To: "Sam Munzani" <sam@munzani.com>
> >To: <ccielab@groupstudy.com>
> >Subject: CISCO FW IOS with allowing SSH to it from outside
> >Date: Tue, 13 Feb 2001 11:19:58 -0600
> >
> >Hi Group,
> >
> >I installed CISCO FW ios with CBAC commands standard configuration. =
> >Works great and for management, I cam telnet and SSH to the box from =
> >internal network. Following access is applied to the outside interface.
> >
> >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 22
> >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 23
> >access-list 100 deny ip any any log
> >
> >ip inspect name test_fw tcp
> >ip inspect name test_fw udp
> >ip inspect name test_fw cuseeme
> >ip inspect name test_fw ftp
> >ip inspect name test_fw h323
> >ip inspect name test_fw rcmd
> >ip inspect name test_fw realaudio
> >ip inspect name test_fw smtp
> >ip inspect name test_fw streamworks
> >ip inspect name test_fw vdolive
> >ip inspect name test_fw sqlnet
> >ip inspect name test_fw tftp
> >
> >
> >int e0/0
> >Descr Outside interface
> >ip address xxx.xxx.xxx.xxx 255.255.255.0
> >ip inspect test_fw out
> >ip access-group 100 in
> >
> >Telnet & SSH works fine from inside but not form outside. Any =
> >suggestions?
> >
> >Regards,
> >
> >Sam Munzani
> >CCIE # 6479, CCNP, CCDP, MCSE, CNE 5, SCO Master ACE, HP Openview =
> >Consultant
> >

• Next message: Adrian Chew: "Re: PPP over Ethernet"
• Previous message: Murphy, Brian J SSI-ISET-31: "RE: tclsh"
• Maybe in reply to: Sam Munzani: "CISCO FW IOS with allowing SSH to it from outside"
• Next in thread: NoOne Important: "Re: CISCO FW IOS with allowing SSH to it from outside"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:47 GMT-3