Allowing SSH only from trusted subnets

I need to set up some extended ACLs to only allow SSH from trusted subnets. This is what I have come up with so far:

ip access-list extended allowSSH
 access-list 100 allow ip x.x.210.0 any log
 access-list 105 allow ip x.x.144.0 any log
 access-list 110 allow ip x.x.44.0 any log
 access-list 115 allow ip x.x.224.0 any log
 access-list 120 deny ip any any log
 exit

line vty 0 4
 access-class allowSSH in
 transport input ssh
 exec-timeout 9 0

In general, is this a correct way to go about it? There are many more subnets that are to be denied SSH access, so I went the allow route. Suggestions, comments?

Thanks Lovejoy


Agreed 'allow route' is better.

I think you may be able to accomplish this with a standard access control list when used in conjunction with the access-class command.



Thanks for the response. I will give it a try.

Thanks Lovejoy
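
The standard-ACL approach suggested in the reply, written out as an added example that is not from either poster. The ACL name SSH-TRUSTED, the documentation subnets 192.0.2.0/24 and 198.51.100.0/24, and the /24 wildcard masks are assumptions standing in for the real trusted subnets.

```cisco
! Added example. Constructed values: SSH-TRUSTED (ACL name) and the
! 192.0.2.0/24, 198.51.100.0/24 documentation ranges (assumed /24 subnets).
!
! access-class on a vty line filters on the source address of the session,
! so a standard ACL is enough. The keyword is "permit", and each subnet
! needs a wildcard (inverse) mask: in a standard ACL an address with no
! wildcard matches that single host only.
! The explicit final deny with "log" records refused attempts; the
! implicit deny at the end of every ACL would drop them without a log entry.
ip access-list standard SSH-TRUSTED
 remark Subnets allowed to open SSH sessions to this device
 permit 192.0.2.0 0.0.0.255
 permit 198.51.100.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class SSH-TRUSTED in
 transport input ssh
 exec-timeout 9 0
!
! Many platforms have more vty lines than 0 4 (commonly 5 15). Lines left
! without the access-class accept sessions from any source, so apply the
! same settings to every vty range the device has.
line vty 5 15
 access-class SSH-TRUSTED in
 transport input ssh
 exec-timeout 9 0
```

After applying it, `show access-lists SSH-TRUSTED` shows per-entry match counters, which confirms that trusted sources hit a permit line and everything else hits the logged deny.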
