Cisco 831 ISR ACL to allow Telnet Session

[tex52]

I have a Cisco 831 ISR. I have an access group 101 on the Dialer0 int, the outside interface. I want allow telnet session to the ISR from any external IP. I have my ACL contenets below. The two subnet are 192.168.1.0 and 192.168.2.0. What do I need to add to allow telnet to the router from outside? Thanks.

access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip 192.168.2.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 permit ip any 192.0.0.0 0.255.255.255

 

[JOAMON]

101 I assume is you NAT access statement. Are you using any other access lists on your interfaces and/or VTY lines?

 

[JOAMON]

Just an idea for you to consider. We have an 831 router which is configured to act as a VPN server. With the use of Cisco VPN client software it is easy to VPN onto the network and then once on the network am able to telnet to anything. By telnetting in the open and unencrypted over the internet that traffic could be captured exposing you to a possible attack. If this interests you see the following link:

http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bf8.pdf