Cisco 871 WAN access via SSH or SDM
  • Cisco 871 WAN access via SSH or SDM

    Hello everyone,

    I have just joined/registered at petru.co.il and I wanted to introduce myself and thank everyone for their contribution on this networking forum.
    Here we go then... I've been working with a Cisco 871 router for quite a while now but I can't get the WAN interface configured to allow SDM or SSH from the firewall outside zone.
    The router is going to be delivered shortly but I would rather get remote access to the device configured just in case I need to connect to it later on.
    Has anyone with working experience on this device managed to get this configuration up and running? Any ideas are more than welcome.

    The WAN interface on the Cisco is directly connected to the server from which I test WAN access, but when the SDM window starts I never get prompted to introduce the user name and password. SSH access also fails and this issue is becoming a real pain.

    Below is the current run-config:
    interface FastEthernet4
    description $ES_WAN$$FW_OUTSIDE$
    ip address xx.xx.215.102 255.255.255.0
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    ip route-cache flow
    duplex auto
    speed auto
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
    ip address 10.2.13.3 255.255.255.0
    ip access-group 104 in
    ip mask-reply
    no ip redirects
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip route-cache flow
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 xx.xx.215.97
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.2.13.0 0.0.0.255
    access-list 2 permit xx.xx.103.249
    access-list 2 remark Auto generated by SDM Management Access feature
    access-list 2 remark SDM_ACL Category=1
    access-list 2 permit 10.18.0.0 0.0.255.255
    access-list 2 permit 10.2.13.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip 212.77.215.0 0.0.0.255 any
    access-list 101 remark Auto generated by SDM Management Access feature
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp 10.18.0.0 0.0.255.255 host xx.xx.215.102 eq telnet
    access-list 101 permit tcp host xx.xx.103.249 host xx.xx.215.102 eq telnet
    access-list 101 permit tcp 10.18.0.0 0.0.255.255 host xx.xx.215.102 eq 22
    access-list 101 permit tcp host xx.xx.103.249 host xx.xx.215.102 eq 22
    access-list 101 permit tcp 10.18.0.0 0.0.255.255 host xx.xx.215.102 eq www
    access-list 101 permit tcp host xx.xx.103.249 host xx.xx.215.102 eq www
    access-list 101 permit tcp 10.18.0.0 0.0.255.255 host xx.xx.215.102 eq 443
    access-list 101 permit tcp host xx.xx.103.249 host xx.xx.215.102 eq 443
    access-list 101 permit tcp 10.18.0.0 0.0.255.255 host xx.xx.215.102 eq cmd
    access-list 101 permit tcp host xx.xx.103.249 host xx.xx.215.102 eq cmd
    access-list 101 deny tcp any host xx.xx.215.102 eq telnet
    access-list 101 deny tcp any host xx.xx.215.102 eq 22
    access-list 101 deny tcp any host xx.xx.215.102 eq www
    access-list 101 deny tcp any host xx.xx.215.102 eq 443
    access-list 101 deny tcp any host xx.xx.215.102 eq cmd
    access-list 101 deny udp any host xx.xx.215.102 eq snmp
    access-list 101 permit ip any any
    access-list 102 remark Auto generated by SDM Management Access feature
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit ip 10.18.0.0 0.0.255.255 any
    access-list 102 permit ip 10.2.13.0 0.0.0.255 any
    access-list 102 permit ip host xx.xx.103.249 any
    access-list 103 remark Auto generated by SDM Management Access feature
    access-list 103 remark SDM_ACL Category=1
    access-list 103 permit ip host xx.xx.103.249 host xx.xx.215.102
    access-list 104 remark Auto generated by SDM Management Access feature
    access-list 104 remark SDM_ACL Category=1
    access-list 104 permit tcp 10.2.13.0 0.0.0.255 host 10.2.13.3 eq telnet
    access-list 104 permit tcp 10.2.13.0 0.0.0.255 host 10.2.13.3 eq 22
    access-list 104 permit tcp 10.2.13.0 0.0.0.255 host 10.2.13.3 eq www
    access-list 104 permit tcp 10.2.13.0 0.0.0.255 host 10.2.13.3 eq 443
    access-list 104 permit tcp 10.2.13.0 0.0.0.255 host 10.2.13.3 eq cmd
    access-list 104 deny tcp any host 10.2.13.3 eq telnet
    access-list 104 deny tcp any host 10.2.13.3 eq 22
    access-list 104 deny tcp any host 10.2.13.3 eq www
    access-list 104 deny tcp any host 10.2.13.3 eq 443
    access-list 104 deny tcp any host 10.2.13.3 eq cmd
    access-list 104 deny udp any host 10.2.13.3 eq snmp
    access-list 104 permit ip any any
    access-list 105 remark Auto generated by SDM Management Access feature
    access-list 105 remark SDM_ACL Category=1
    access-list 105 permit ip 10.18.0.0 0.0.255.255 host xx.xx.215.102

    Thanks in advance, any ideas welcome.
    Regards
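
An added example, not part of the original post: a first-match evaluator for extended ACL entries like those in ACL 101 above, for checking which entry a given management connection would hit. The addresses standing in for the masked `xx.xx` octets and the test sources are constructed assumptions, and it models only the interface ACL, not the zone-based firewall policy or any access-class that the posted excerpt does not show.

```python
import ipaddress

# Constructed sample: a subset of ACL 101 from the post. The masked "xx.xx"
# octets are replaced with documentation ranges (assumption):
# WAN address = 203.0.113.102, permitted remote host = 198.51.100.249.
ACL_101 = """\
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 permit tcp 10.18.0.0 0.0.255.255 host 203.0.113.102 eq 22
access-list 101 permit tcp host 198.51.100.249 host 203.0.113.102 eq 22
access-list 101 permit tcp 10.18.0.0 0.0.255.255 host 203.0.113.102 eq 443
access-list 101 permit tcp host 198.51.100.249 host 203.0.113.102 eq 443
access-list 101 deny tcp any host 203.0.113.102 eq 22
access-list 101 deny tcp any host 203.0.113.102 eq 443
access-list 101 permit ip any any
"""

PORT_NAMES = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161}

def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse extended ACL lines (100-199 style) into ordered rule tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def _match(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF)

def evaluate(rules, proto, src, dst, dport):
    """Return (action, 1-based entry number) of the first matching entry."""
    for i, (action, rproto, rsrc, rdst, rport) in enumerate(rules, 1):
        if rproto in ("ip", proto) and _match(src, rsrc) and _match(dst, rdst) and rport in (None, dport):
            return action, i
    return "deny", None  # implicit deny that ends every ACL
```

Calling `evaluate(parse_acl(ACL_101), "tcp", <source>, "203.0.113.102", 22)` with the address of the test machine shows whether its SSH attempt reaches a permit entry or one of the explicit denies.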