I need to set up some extended ACLs to only allow SSH from trusted subnets. This is what I have come up with so far:
ip access-list extended allowSSH
 access-list 100 allow ip x.x.210.0 0.0.1.255 any log
 access-list 105 allow ip x.x.144.0 0.0.1.255 any log
 access-list 110 allow ip x.x.44.0 0.0.1.255 any log
 access-list 115 allow ip x.x.224.0 0.0.1.255 any log
 access-list 120 deny ip any any log
 exit

line vty 0 4
 access-class allowSSH in
 transport input ssh
 exec-timeout 9 0
In general, is this a correct way to go about it? There are many more subnets that are to be denied SSH access, so I went the allow route. Suggestions, comments?
Thanks,
Lovejoy
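Added example, not part of the original post: an offline check of which source addresses an allowlist like the one above would let reach the VTY lines, using first-match evaluation and wildcard-mask matching. Assumptions: 10.20 is a constructed stand-in for the elided "x.x" octets, entries are written in IOS named-ACL form (`<seq> permit|deny ip ...`), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: 10.20 stands in for the post's elided "x.x" octets.
# Entries use IOS named-ACL syntax: "<seq> permit|deny ip <src> <wildcard> any".
ACL_TEXT = """\
100 permit ip 10.20.210.0 0.0.1.255 any log
105 permit ip 10.20.144.0 0.0.1.255 any log
110 permit ip 10.20.44.0 0.0.1.255 any log
115 permit ip 10.20.224.0 0.0.1.255 any log
120 deny ip any any log
"""

def parse_acl(text):
    """Return [(seq, action, base, wildcard)] sorted by sequence number."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        seq, action, proto = int(tok[0]), tok[1], tok[2]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        if tok[3] == "any":  # "any" is shorthand for 0.0.0.0 255.255.255.255
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4]))
        entries.append((seq, action, base, wild))
    return sorted(entries)

def evaluate(entries, src):
    """First matching entry wins; with no match the implicit deny applies."""
    addr = int(ipaddress.IPv4Address(src))
    for seq, action, base, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
        if (addr & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF):
            return action, seq
    return "deny", None

def covered_range(base, wild):
    """Lowest and highest address matched by a contiguous wildcard such as 0.0.1.255."""
    low = base & ~wild & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wild))

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for seq, action, base, wild in acl:
        print(seq, action, *covered_range(base, wild))
    for src in ("10.20.210.7", "10.20.211.250", "10.20.212.1", "192.0.2.10"):
        print(src, evaluate(acl, src))
```

Each 0.0.1.255 wildcard covers two adjacent /24s (for example 210.0 through 211.255), and dropping the explicit final entry still denies everything else, only without the log hit on sequence 120.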