I am trying to limit telnet and VPN access by IP address on a Cisco 1111 router.
I have the following ACL applied to the outside interface g0/0/0:
permit tcp host my.sta.tic.ip host cis.co.st.ip eq telnet
permit udp host my.sta.tic.ip host cis.co.st.ip eq 500
permit udp host my.sta.tic.ip host cis.co.st.ip eq 4500
permit udp host my.sta.tic.ip host cis.co.st.ip eq 1701
.... (permit other static ip addresses for same protocols)
deny tcp any any eq telnet
deny udp any any eq 500
deny udp any any eq 4500
deny udp any any eq 1701
permit ip any any
I added the last five lines because, when I applied the ACL without them, it shut down all web traffic.
"show IP translations" returns:
Inside Global       Inside Local         Outside Local   Outside Global
xx.xx.xx.xx:500     192.10.1.200:500     ---             ---
xx.xx.xx.xx:4500    192.10.1.200:4500    ---             ---
xx.xx.xx.xx:1701    192.10.1.200:1701    ---             ---
where .200 is the local address of the Windows 2016 server.
However, I cannot access the server via a VPN connection, though I was able to do so before the client switched to a Cisco router.
Here is the puzzling part: I was able to access the router via Telnet remotely from my.sta.tic.ip exactly once! The connection failed after a couple of minutes and would not reconnect.
Any ideas on what I am missing? Thanks.
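To make the first-match behaviour of the ACL in the post concrete (in particular why it blocked all web traffic until the trailing permit ip any any was added), here is an added simulator that is not part of the original post. The addresses are constructed stand-ins for my.sta.tic.ip and cis.co.st.ip, and the model covers only the protocol, source, destination and destination-port fields the posted ACL uses.

```python
# Constructed placeholder addresses standing in for the post's values.
ADMIN_IP = "203.0.113.10"    # my.sta.tic.ip
ROUTER_IP = "198.51.100.1"   # cis.co.st.ip (the global address seen inbound)
VPN_PORTS = (500, 4500, 1701)
TELNET = 23


def acl_lines(include_catch_all=True):
    """Ordered entries modelled on the ACL applied inbound on g0/0/0.

    Each entry: (action, protocol, src, dst, dport); "any" wildcards a field,
    dport None matches every port (used by the 'permit ip any any' line).
    """
    lines = [("permit", "tcp", ADMIN_IP, ROUTER_IP, TELNET)]
    lines += [("permit", "udp", ADMIN_IP, ROUTER_IP, p) for p in VPN_PORTS]
    lines.append(("deny", "tcp", "any", "any", TELNET))
    lines += [("deny", "udp", "any", "any", p) for p in VPN_PORTS]
    if include_catch_all:
        # The last line of the post; without it IOS's implicit deny applies
        # to everything not matched above (e.g. HTTP/HTTPS to the server).
        lines.append(("permit", "ip", "any", "any", None))
    return lines


def _field_matches(entry_value, packet_value):
    return entry_value == "any" or entry_value == packet_value


def evaluate(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for a packet, IOS style: first matching
    entry wins; a packet matching no entry hits the implicit deny."""
    for action, p, s, d, port in acl:
        if p != "ip" and p != proto:
            continue
        if not _field_matches(s, src) or not _field_matches(d, dst):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS ACL


if __name__ == "__main__":
    for catch_all in (True, False):
        acl = acl_lines(catch_all)
        print("catch-all" if catch_all else "no catch-all",
              "HTTPS from unknown host ->",
              evaluate(acl, "tcp", "192.0.2.77", ROUTER_IP, 443))
```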