From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Tue Feb 13 2001 - 15:42:44 GMT-3
I am just curious if FW IOS behaves just like PIX for management. On PIX you
can't telnet from the outside interface at all. IOS FW does stateful inspection
the same way as PIX. This could be a security feature. Is anybody out there
able to telnet to an IOS FW router from the Internet?
Sam
> Uhm,
> we overlooked the fact that you didn't put log or log-input after your
> telnet and ssh statements, only on the deny statement.
>
>
>
> >From: "Sam Munzani" <sam@munzani.com>
> >Reply-To: "Sam Munzani" <sam@munzani.com>
> >To: "NoOne Important" <lm_nguyen@hotmail.com>, <ccielab@groupstudy.com>
> >Subject: Re: CISCO FW IOS with allowing SSH to it from outside
> >Date: Tue, 13 Feb 2001 12:28:31 -0600
> >
> >You are right. xxx.xxx.xxx.xxx is my ethernet IP addr. The funny thing is,
> >nothing is captured in the log file. If I try to ping any internal host from
> >outside, that gets logged, but not my telnet or SSH attempts.
> >
> >Sam
> >
> > > xxxxxxxxxx I assume is your ethernet address? If so, I
> > > don't really see what's wrong. Maybe check for typos, check to see if there's
> > > any access-group defined under vty... check routing... etc. See if there is
> > > any other access-list blocking the traffic before it even gets there.
> > > Turn on logging console and see what happens when you telnet or ssh to the
> > > router....
> > >
> > >
> > >
> > >
> > >
> > > >From: "Sam Munzani" <sam@munzani.com>
> > > >Reply-To: "Sam Munzani" <sam@munzani.com>
> > > >To: <ccielab@groupstudy.com>
> > > >Subject: CISCO FW IOS with allowing SSH to it from outside
> > > >Date: Tue, 13 Feb 2001 11:19:58 -0600
> > > >
> > > >Hi Group,
> > > >
> > > >I installed Cisco FW IOS with the standard CBAC command configuration.
> > > >It works great, and for management I can telnet and SSH to the box from
> > > >the internal network. The following access list is applied to the outside
> > > >interface.
> > > >
> > > >! Inbound filter on the outside interface: only SSH and telnet to the
> > > >! router's own address are permitted; everything else is denied and logged.
> > > >! The permit lines carry no "log" keyword, so matches on them are not logged.
> > > >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 22
> > > >access-list 100 permit tcp any host xxx.xxx.xxx.xxx eq 23
> > > >access-list 100 deny ip any any log
> > > >
> > > >! CBAC inspection rule set: sessions leaving through the outside interface
> > > >! for these protocols open temporary return-traffic entries in ACL 100.
> > > >ip inspect name test_fw tcp
> > > >ip inspect name test_fw udp
> > > >ip inspect name test_fw cuseeme
> > > >ip inspect name test_fw ftp
> > > >ip inspect name test_fw h323
> > > >ip inspect name test_fw rcmd
> > > >ip inspect name test_fw realaudio
> > > >ip inspect name test_fw smtp
> > > >ip inspect name test_fw streamworks
> > > >ip inspect name test_fw vdolive
> > > >ip inspect name test_fw sqlnet
> > > >ip inspect name test_fw tftp
> > > >
> > > >interface Ethernet0/0
> > > > description Outside interface
> > > > ip address xxx.xxx.xxx.xxx 255.255.255.0
> > > > ip inspect test_fw out
> > > > ip access-group 100 in
> > > >
> > > >Telnet & SSH work fine from inside but not from outside. Any
> > > >suggestions?
> > > >
> > > >Regards,
> > > >
> > > >Sam Munzani
> > > >CCIE # 6479, CCNP, CCDP, MCSE, CNE 5, SCO Master ACE, HP Openview
> > > >Consultant
> > > >
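The logging puzzle in this thread comes down to how IOS evaluates a numbered extended ACL: top-down, first match wins, and a line only emits a syslog message when it carries the log (or log-input) keyword. The script below is an added example, not code from the thread or from Cisco; it parses ACL 100 as posted and walks constructed packets through it. The masked router address xxx.xxx.xxx.xxx is stood in for by 192.0.2.1, the internal host by 10.1.1.10, an arbitrary outside client by 198.51.100.7 and an admin host by 203.0.113.5; the narrowed-source variant ACL_WITH_LOGGING is an added hardening assumption, not something the original poster configured.

```python
"""Added example (not from the thread): first-match evaluation of a Cisco IOS
numbered extended ACL, showing which line a packet hits and whether that line
generates a syslog message. All addresses and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ACL 100 exactly as posted, with the masked address replaced (assumption).
ACL_AS_POSTED = """
access-list 100 permit tcp any host 192.0.2.1 eq 22
access-list 100 permit tcp any host 192.0.2.1 eq 23
access-list 100 deny ip any any log
"""

# Same policy with "log" on the permit lines (the reply's point) and the
# management source narrowed to one admin host (an added hardening assumption).
ACL_WITH_LOGGING = """
access-list 100 permit tcp host 203.0.113.5 host 192.0.2.1 eq 22 log
access-list 100 permit tcp host 203.0.113.5 host 192.0.2.1 eq 23 log
access-list 100 deny ip any any log
"""


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: Optional[int]         # "eq N" after the source, if any
    dport: Optional[int]         # "eq N" after the destination, if any
    log: bool                    # "log" or "log-input" present


def _addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # An IOS wildcard is an inverted netmask: 0.0.0.255 means /24.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    mask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[i]}/{mask}", strict=False), i + 2


def _port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq <port>' (numeric ports only)."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_acl(text: str) -> List[AclEntry]:
    """Parse 'access-list N action proto src [eq p] dst [eq p] [log]' lines."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue  # blank lines and "!" comments
        action, proto = tokens[2], tokens[3]
        src, i = _addr(tokens, 4)
        sport, i = _port(tokens, i)
        dst, i = _addr(tokens, i)
        dport, i = _port(tokens, i)
        log = any(t in ("log", "log-input") for t in tokens[i:])
        entries.append(AclEntry(action, proto, src, dst, sport, dport, log))
    return entries


def evaluate(entries: List[AclEntry], proto: str, src: str, dst: str,
             dport: Optional[int] = None, sport: Optional[int] = None):
    """Walk the ACL top-down and return (action, index, logged) for the first
    match. The implicit trailing 'deny ip any any' (index -1) never logs."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for idx, e in enumerate(entries):
        if e.proto not in ("ip", proto):
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.sport is not None and e.sport != sport:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, idx, e.log
    return "deny", -1, False


if __name__ == "__main__":
    packets = [  # (label, proto, src, dst, dport)
        ("ssh to router from outside", "tcp", "198.51.100.7", "192.0.2.1", 22),
        ("telnet to router from outside", "tcp", "198.51.100.7", "192.0.2.1", 23),
        ("ping to internal host", "icmp", "198.51.100.7", "10.1.1.10", None),
        ("ssh to router from admin host", "tcp", "203.0.113.5", "192.0.2.1", 22),
    ]
    for name, acl in (("as posted", ACL_AS_POSTED), ("with logging", ACL_WITH_LOGGING)):
        entries = parse_acl(acl)
        print(f"ACL {name}:")
        for label, proto, src, dst, dport in packets:
            action, idx, logged = evaluate(entries, proto, src, dst, dport)
            print(f"  {label:32s} -> {action} (line {idx}), logged={logged}")
```

Run as a script to print the outcome for each packet against both versions of the list. With the ACL as posted, an SSH or telnet connection to the router's outside address matches a permit line that has no log keyword, so it leaves no syslog entry whether or not the session later succeeds; a ping to an internal host falls through to the final deny and is logged, which is exactly what the original poster observed. A permit match only shows that the packet got past the interface filter: whether the vty then accepts the session depends on the vty's own access-class, transport input setting and routing, which is why the reply suggests checking those as well. If management from the Internet is kept at all, the narrowed source in ACL_WITH_LOGGING (one admin host rather than any) is the shape a practitioner would want, with log on the permits so successful management logins are recorded too.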
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:47 GMT-3