Re: Telnet established

From: Aqui Ordonez (aordonez@xxxxxxxxxx)
Date: Sat Sep 15 2001 - 13:27:14 GMT-3


   
Why not just create an access list on R1 that allows telnet traffic from
wherever you want it to come from, but not R2, and apply it as 'access-class
ListNumberOrName in' on line vty 0 4 ?

-----Original Message-----
From: Olivier Martin <omartin@genia.ca>
To: 'CCIE Cisco' <c_ccie@hotmail.com>; ccielab@groupstudy.com
<ccielab@groupstudy.com>
Date: Saturday, September 15, 2001 11:05 AM
Subject: RE : Telnet established

>You should apply the following access-list on R1 Serial 0 (in)
>
>access-list 100 permit tcp any eq telnet any
>access-list 100 deny ip any any
>
>Interface serial0
> ip access-group 100 in
>
>This way, established telnet traffic, coming from TCP port 23 on R2 will be
>allowed to cross the link and make its way through R1.
>
>Nothing special on R1 has to be done to allow it to telnet out.. If you want
>to restrict the traffic only to telnet outbound on R1 (this will prevent
>routing updates.. Depending on how you write your access-lists).
>
>access-list 101 permit tcp any any eq 23
>access-list 101 deny ip any any
>
>Interface serial0
> ip access-group 101 out
>
>The traffic directed outbound serial0 will be evaluated against the 101
>access-list..
>
>This should work..
>
>Olivier
>
>
>
>-----Original Message-----
>From : CCIE Cisco [mailto:c_ccie@hotmail.com]
>Sent : September 15, 2001 08:36
>To : ccielab@groupstudy.com
>Subject : Telnet established
>
>
>Hi,
>
>I am having R1 and R2 connected on serial link.
>
>
> R1--------------------R2
> (10.10.10.1) (10.10.10.2)
>
>
>I am at R1 and I want to telnet to R2 but I don't want to allow R2 to telnet
>into R1.
>
>Can anyone suggest access-list and where to apply (serial in/out)
>
>Thanks in advance
>
>Mer
>



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:18 GMT-3