Re: CISCO FW IOS with allowing SSH to it from outside

From: NoOne Important (lm_nguyen@xxxxxxxxxxx)
Date: Tue Feb 13 2001 - 15:32:07 GMT-3


   
uhm
we overlooked the fact that you didn't put log or log-input after your
telnet and ssh and only on the deny statement.

>From: "Sam Munzani" <sam@munzani.com>
>Reply-To: "Sam Munzani" <sam@munzani.com>
>To: "NoOne Important" <lm_nguyen@hotmail.com>, <ccielab@groupstudy.com>
>Subject: Re: CISCO FW IOS with allowing SSH to it from outside
>Date: Tue, 13 Feb 2001 12:28:31 -0600
>
>You are right. xxx.xxx.xxx.xxx is my ethernet ip addr. The funny thing is,
>Nothing is captured in log file. If I try to ping any internal host from
>outside, that gets logged but not my telnet or SSH attempts.
>
>Sam
>
> > xxxxxxxxxx i assume is your ethernet address? if so, i
> > dun really see what's wrong maybe check typos check to see if there's any
> > access-group define under vty...check routing...etc see if there is any
> > other access-list block the traffic before it even get there
> > turn on logging console and see what happen when telnet or ssh to the
> > router....
> >
> >
> >
> >
> >
> > >From: "Sam Munzani" <sam@munzani.com>
> > >Reply-To: "Sam Munzani" <sam@munzani.com>
> > >To: <ccielab@groupstudy.com>
> > >Subject: CISCO FW IOS with allowing SSH to it from outside
> > >Date: Tue, 13 Feb 2001 11:19:58 -0600
> > >
> > >Hi Group,
> > >
> > >I installed CISCO FW ios with CBAC commands standard configuration.
> > >Works great and for management, I can telnet and SSH to the box from
> > >internal network. Following access is applied to the outside interface.
> > >
> > >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 22
> > >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 23
> > >access-list 100 deny ip any any log
> > >
> > >ip inspect name test_fw tcp
> > >ip inspect name test_fw udp
> > >ip inspect name test_fw cuseeme
> > >ip inspect name test_fw ftp
> > >ip inspect name test_fw h323
> > >ip inspect name test_fw rcmd
> > >ip inspect name test_fw realaudio
> > >ip inspect name test_fw smtp
> > >ip inspect name test_fw streamworks
> > >ip inspect name test_fw vdolive
> > >ip inspect name test_fw sqlnet
> > >ip inspect name test_fw tftp
> > >
> > >
> > >int e0/0
> > >Descr Outside interface
> > >ip address xxx.xxx.xxx.xxx 255.255.255.0
> > >ip inspect test_fw out
> > >ip access-group 100 in
> > >
> > >Telnet & SSH works fine from inside but not from outside. Any
> > >suggestions?
> > >
> > >Regards,
> > >
> > >Sam Munzani
> > >CCIE # 6479, CCNP, CCDP, MCSE, CNE 5, SCO Master ACE, HP Openview
> > >Consultant
> > >
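
The logging point raised in the reply at the top of this thread, as an added example that is not part of the original messages: a small Python model of first-match evaluation over the posted access-list 100, showing which hits produce a log entry. The addresses 192.0.2.1 (standing in for the masked interface address) and 192.0.2.50 (an internal host) are constructed, and the parser handles only the ACE forms that appear in the thread.

```python
import re

# ACL from the thread; 192.0.2.1 is a constructed stand-in for the masked
# xxx.xxx.xxx.xxx interface address.
ACL = """\
access-list 100 permit tcp any host 192.0.2.1 eq 22
access-list 100 permit tcp any host 192.0.2.1 eq 23
access-list 100 deny ip any any log
"""

ACE_RE = re.compile(
    r"access-list (?P<num>\d+) (?P<action>permit|deny) (?P<proto>\w+) any "
    r"(?:host (?P<dst>\S+)|any)(?: eq (?P<port>\d+))?(?P<log> log(?:-input)?)?$")

def parse(text):
    """Parse the small ACE subset used in the thread (source is always 'any')."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        aces.append(m.groupdict())
    return aces

def evaluate(aces, proto, dst, port=None):
    """Return (action, logged) for the first matching ACE, evaluated top-down."""
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["dst"] is not None and ace["dst"] != dst:
            continue
        if ace["port"] is not None and int(ace["port"]) != port:
            continue
        return ace["action"], ace["log"] is not None
    return "deny", False  # the implicit deny at the end of an ACL does not log

def unlogged_permits(aces):
    """Permit entries whose hits will never appear in the log."""
    return [a for a in aces if a["action"] == "permit" and a["log"] is None]

if __name__ == "__main__":
    aces = parse(ACL)
    print("ssh to router :", evaluate(aces, "tcp", "192.0.2.1", 22))
    print("ping inside   :", evaluate(aces, "icmp", "192.0.2.50"))
    print("silent permits:", len(unlogged_permits(aces)))
```

With `log` or `log-input` appended to the two permit lines, the same evaluation reports the telnet and SSH hits as logged, which separates "permitted by the ACL" from "never reached the ACL".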



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:47 GMT-3