From: Sean C (Upp_and_Upp@hotmail.com)
Date: Sat Jun 04 2005 - 16:55:04 GMT-3
Hello,
Thought I 'had' Lock-n-key down, but now I'm wondering...
On IEWB's Volume 2 Lab 2, task 10.1 - can anyone explain why in this
lock-and-key scenario the ACL doesn't need telnet allowed to the receiving
router, first, before the dynamic ACL? I understand the TCP 8080 on the
dynamic line, but shouldn't the user first need to authenticate to R3?
From the CD, the fourth point:
Configure Telnet as the protocol so that users must open a Telnet session into
the router to be authenticated before they can gain access through the
router.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scflock.htm#wp1001063
Something like:
ip access-list extended DYNAMIC
 permit tcp any host <R3IP> eq telnet
 dynamic WEB permit tcp any host 172.1.3.100 eq 8080
 deny ip any host 172.1.3.100
 permit ip any any
As always, thanks,
Sean