RE: Restrict vty telnet TO only one ip address on the router -- NOT FROM

From: roel.fonteyn@xxxxxxxxxxx
Date: Fri Aug 30 2002 - 04:48:54 GMT-3


   
Larry,

Thanks for the suggestion. But extended (named) access-list is not possible. Vty
access-group does accept 0-99 & 100-199. That's why I use 150, to be able to
pin-point one destination address.

Restricting source addresses works indeed, but I have no way of enforcing them
to pass the Firewall before being able to telnet into the router. (Except if I
use policy-routing)

Setup is:

ROUT is using vrf-lite/multi-vrf. External clients/Business partners need to
pass the FW before being allowed on the DMZ or LAN. Remote management is doing
the network management & reporting for this client, so he is a Business partner
which is politically forced to pass through the Firewall.

WAN CLOUD --------------|ROUT | ---- LAN
                                | | |
                                | | |
REMOTE MANAGEMENT ------|_____|----FW

Mvg/Rgrds,

Roel



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:42 GMT-3