Telnet and ACL's 1

[pgaliardo]

I understand that ACL's can be applied to the vty lines to control access to Telnet. My question is this:
If I already have an ACL on the WAN interface that does not allow port 23, is that enough to prevent Telnet access to my router from the outside? I imagine that packets hit the outside interface before ever getting to a telnet line. Is that correct?

If I am incorrect in my assumption, what is the best way to only allow telnet access to my router from the internal LAN (10.0.0.0 network).

Thanks.

 

[DanInRaleigh]

...yes,,, a access-list built to block port 23..and applied to the outside interface in the inbound direction will block telnet from www.

http://www.cisco.com/en/US/products...s_configuration_example09186a0080204528.shtml

..below pulled from link above..pretty straight forward

In this example, passwords are configured for users attempting to connect to the router on the VTY lines using Telnet.

From the privileged EXEC (or "enable") prompt, enter configuration mode and enter username/password combinations, one for each user for whom you want to allow access to the router:


router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#username russ password montecito
router(config)#username cindy password belgium
router(config)#username mike password rottweiler

Switch to line configuration mode, using the following commands. Notice that the prompt changes to reflect the current mode.

router(config)#line vty 0 4
router(config-line)#Configure password checking at login.

router(config-line)#login local
Exit configuration mode.

router(config-line)#end


CCNP,CCSP,MCSE,Sec+,Net+,A+...

 

[pgaliardo]

Thanks for the detailed reply DanInRaleigh. Many thanks.