Re: ACL [7:83974] posted 02/10/2004
- Subject: Re: ACL [7:83974]
- From: "Thomas N" <ThomasN@xxxxxxxxxx>
- Date: Tue, 10 Feb 2004 03:01:29 GMT
Thank you much! It's very interesting on the "ip source-interface" command.
I tried but still got blocked when I initiate the session from the router.
Also, doesn't the second line of the ACL allow any host to telnet to the
"tu do" wrote in message
> Thomas wrote:
> "Hi All - I set up a lab and ran into an ACL problem. I got an ACL on a router
> to block all incoming telnet sessions; however, this also blocked the
> telnet session originating from this router, even though I allowed the IP address of
> the outside interface talking to "any". For example, the IP address of the
> serial interface is 220.127.116.11, I got the following ACL:
> (config)# access-list 110 permit tcp host 18.104.22.168 any eq telnet
> (config)# access-list 110 permit tcp any host 22.214.171.124 eq telnet
> (config)# access-list 110 deny ip any any
> What did I do wrong? Or is it the nature of the ACLs on Cisco routers? Is
> there a workaround for this? Thanks much!
> Thomas "
> The issue is:
> Why your router has to use address of interface serial (say 0) but not the
> other interface's as its source for telnet/ssh?
> You need to enter this command:
> "ip telnet source-interface serial0"
> at global configuration. Do familiar thing to ssh.
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> FAQ, list archives, and subscription info: