GroupStudy.com - A virtual community of network engineers
Re: ACL [7:83974] posted 02/10/2004


Thank you much!  It's very interesting on the "ip source-interface" command.
I tried but still got blocked when initiating the session from the router.
Also, doesn't the second line of the ACL allow any host to telnet to the
router?

Thomas


"tu do" wrote in message
news:200402090359.i193xWTe010511@xxxxxxxxxxxxxxxxx
> Thomas wrote:
> "Hi All - I set up a lab and ran into an ACL problem. I got an ACL on a router
> to block all incoming telnet sessions; however, this also blocked the
> telnet session originating from this router, even though I allowed the IP
> address of the outside interface talking to "any". For example, the IP
> address of the serial interface is 128.1.1.1, I got the following ACL:
>
> (config)# access-list 110 permit tcp host 128.1.1.1 any eq telnet
> (config)# access-list 110 permit tcp any host 128.1.1.1 eq telnet
> (config)# access-list 110 deny ip any any
>
> What did I do wrong? Or is it the nature of the ACLs on Cisco routers? Is
> there a workaround for this? Thanks much!
>
> Thomas "
>
> The issue is:
> Why does your router have to use the address of the serial interface (say 0)
> and not the other interface's as its source for telnet/ssh?
>
> You need to enter this command:
> "ip telnet source-interface serial0"
> at global configuration. Do a similar thing for ssh.
>
> Regards,
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=84091&t=83974
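
Added example, not part of the original thread: a minimal first-match evaluator for ACL 110, assuming the list is applied inbound on the serial interface (the thread does not show the "ip access-group" line). It checks the reply segments of a router-originated telnet session and a new inbound telnet connection against the posted list; the peer address 10.9.9.9, the port numbers and the "established" variant are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", or "ip" to match any protocol
    src: str                         # host address or "any"
    dst: str
    sport: Optional[int] = None      # "eq <port>" written after the source
    dport: Optional[int] = None      # "eq <port>" written after the destination
    established: bool = False        # match only segments with ACK or RST set

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False                # set on every segment after the first SYN

def matches(r: Rule, p: Packet) -> bool:
    return (r.proto in ("ip", p.proto)
            and r.src in ("any", p.src) and r.dst in ("any", p.dst)
            and r.sport in (None, p.sport) and r.dport in (None, p.dport)
            and (p.ack or not r.established))

def evaluate(acl, p: Packet):
    for n, r in enumerate(acl, 1):
        if matches(r, p):
            return r.action, n       # first match wins (1-based line number)
    return "deny", 0                 # implicit deny at the end of every ACL

# ACL 110 exactly as posted in the thread
ACL_110 = [
    Rule("permit", "tcp", "128.1.1.1", "any", dport=23),
    Rule("permit", "tcp", "any", "128.1.1.1", dport=23),
    Rule("deny", "ip", "any", "any"),
]
# Assumed variant (not from the thread): line 2 replaced by a rule that admits
# only replies (source port 23, ACK set) to sessions the router opened itself.
REPLY_RULE = Rule("permit", "tcp", "any", "128.1.1.1", sport=23, established=True)
ACL_110_REPLIES = [ACL_110[0], REPLY_RULE, ACL_110[2]]
PEER = "10.9.9.9"                    # constructed remote host
REPLY = Packet("tcp", PEER, 23, "128.1.1.1", 40001, ack=True)  # peer answers the router
INBOUND_SYN = Packet("tcp", PEER, 40000, "128.1.1.1", 23)      # peer opens telnet to router
for name, acl in (("posted", ACL_110), ("variant", ACL_110_REPLIES)):
    print(name, "reply:", evaluate(acl, REPLY), "inbound:", evaluate(acl, INBOUND_SYN))
```

With the posted list the reply segment falls through to line 3 while a new inbound telnet connection is permitted by line 2; line 1 can only match packets sourced from 128.1.1.1, which never arrive inbound on that interface.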