RE : Telnet established

From: Olivier Martin (omartin@xxxxxxxx)
Date: Sat Sep 15 2001 - 11:46:07 GMT-3


   
You should apply the following access-list on R1 Serial 0 (in):

access-list 100 permit tcp any eq telnet any
access-list 100 deny ip any any

Interface serial0
 ip access-group 100 in

This way, established telnet traffic, coming from TCP port 23 on R2, will be
allowed to cross the link and make its way through R1.

Nothing special on R1 has to be done to allow it to telnet out. If you want
to restrict the traffic only to telnet outbound on R1 (this will prevent
routing updates, depending on how you write your access-lists):

access-list 101 permit tcp any any eq 23
access-list 101 deny ip any any

Interface serial0
 ip access-group 101 out

The traffic directed outbound serial0 will be evaluated against the 101
access-list.

This should work.

Olivier

-----Original Message-----
From: CCIE Cisco [mailto:c_ccie@hotmail.com]
Sent: September 15, 2001 08:36
To: ccielab@groupstudy.com
Subject: Telnet established

Hi,

I have R1 and R2 connected on a serial link.

     R1--------------------R2
    (10.10.10.1) (10.10.10.2)

I am at R1 and I want to telnet to R2 but I don't want to allow R2 to telnet
into R1.

Can anyone suggest an access-list and where to apply it (serial in/out)?

Thanks in advance

Mer
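
The inbound filter from the reply above, modelled as an added example (not part of the original thread): a first-match evaluator that runs constructed sample packets through access-list 100 as posted and through a variant with the IOS "established" keyword appended, which additionally requires the ACK or RST bit. The Packet and Entry classes, the sample packets and their port numbers are assumptions made for illustration.

```python
# Added example: first-match model of an extended ACL, inbound on R1 serial0.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", ...
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags that are set, e.g. {"SYN"}

@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    sport: Optional[int] = None     # None means "any"
    dport: Optional[int] = None
    established: bool = False       # IOS keyword: ACK or RST must be set

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p):
    for entry in acl:               # first matching entry decides
        if entry.matches(p):
            return entry.action
    return "deny"                   # implicit deny at the end of every ACL

# access-list 100 as posted, and the same entry with 'established' appended
ACL_POSTED = [Entry("permit", "tcp", sport=23), Entry("deny", "ip")]
ACL_ESTABLISHED = [Entry("permit", "tcp", sport=23, established=True), Entry("deny", "ip")]

SAMPLES = {  # constructed packets arriving on R1 serial0 from R2
    "reply from R2 telnet server": Packet("tcp", 23, 40000, frozenset({"ACK"})),
    "R2 opens telnet to R1": Packet("tcp", 40001, 23, frozenset({"SYN"})),
    "SYN with source port 23": Packet("tcp", 23, 23, frozenset({"SYN"})),
    "RIP update from R2": Packet("udp", 520, 520),
}

def compare():
    # sample name -> (action under posted ACL, action with 'established')
    return {n: (evaluate(ACL_POSTED, p), evaluate(ACL_ESTABLISHED, p)) for n, p in SAMPLES.items()}
```

Only the third sample is treated differently by the two lists: the port-only entry permits it, the "established" variant denies it.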



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:18 GMT-3