Security Basics mailing list archives

access-list outside_access_in permitting ssh from specific hosts/ip's


From: "secrookie () gmail com" <secrookie () gmail com>
Date: Mon, 12 May 2008 20:46:27 +1000

I have 3 access lists to permit ssh.

The following permits ssh from any hosts thru my pix to port tcp/22.
Works great.

  access-list outside_access_in line 12 permit tcp any interface outside eq ssh log 6 interval 300 (hitcnt=1)

I now want to increase the security and only permit hosts from abc.com
and aaa.bbb.ccc.ddd coming thru tcp/22. Do these access-lists look
correct? I tried them but it doesn't appear to work.

  access-list outside_access_in line 12 permit tcp host abc.com interface outside eq ssh log 6 interval 300 (hitcnt=0)
  access-list outside_access_in line 13 permit tcp host aaa.bbb.ccc.ddd interface outside eq ssh log 6 interval 300 (hitcnt=0)

regards
secrookie

