SSH access protection for SmartEdge

in #redback, 5 years ago

ACL added to interface 2/3

On interface 2/3, inbound SSH traffic is accepted only from host 192.168.2.2; SSH from any other source is dropped. All other IP traffic from any host or network is still accepted on interface 2/3.

!
context test
!
 no ip domain-lookup
!
 interface 2/2
  ip address 192.168.1.2/24
!
 interface 2/3
  ip address 192.168.2.1/24
  ip access-group ACL-1 in
!
 interface llop1 loopback
  ip address 20.20.20.20/32
 no logging console
!
 ip access-list ACL-1 ssh-and-telnet-acl
  seq 10 permit tcp host 192.168.2.2 any eq ssh max-sessions 5 min-sessions 0
  seq 20 deny tcp any any eq ssh
  seq 30 permit ip any any
!
 enable encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
 administrator admin encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
 ip route 0.0.0.0/0 192.168.1.1
 service ftp client
 service ssh
 service telnet
!
!
!
!
end

Use of admin-access-group ACL-2 in

Unlike the example above, ACL-2 is applied to the context rather than to an interface. Context test then accepts SSH sessions only from hosts 192.168.2.2 and 192.168.2.3.

context test
!
 no ip domain-lookup
!
 interface 2/2
  ip address 192.168.1.2/24
!
 interface 2/3
  ip address 192.168.2.1/24
!
 interface llop1 loopback
  ip address 20.20.20.20/32
 no logging console
!
 ip access-list ACL-1 ssh-and-telnet-acl
  seq 10 permit tcp host 192.168.2.2 any eq ssh max-sessions 5 min-sessions 0
  seq 20 deny tcp any any eq ssh
  seq 30 permit ip any any
!
 ip access-list ACL-2
  seq 10 permit tcp host 192.168.2.2 any eq ssh
  seq 15 permit tcp host 192.168.2.3 any eq ssh
  seq 20 deny tcp any any eq ssh
  seq 30 permit ip any any
!
 enable encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
 administrator admin encrypted 1 $1$........$.nNQmFppgs3ECnFPrOgpx/
!
!
 ip route 0.0.0.0/0 192.168.1.1
 service ftp client
 service ssh
 service telnet
!
 admin-access-group ACL-2 in
!
!
!
!
end
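As an added example (not part of the original post and not SmartEdge code), the following Python evaluator reproduces first-match ACL semantics over ACL-2 so the two configurations above can be checked offline: SSH from the two listed hosts is permitted, SSH from anyone else hits seq 20, and anything that is not TCP port 22 falls through to seq 30. The last point is the caveat worth noticing: neither list touches port 23, yet `service telnet` is enabled and ACL-1 is even named ssh-and-telnet-acl. The implicit deny at the end of the list is an assumption; it is never reached here because both lists end with `permit ip any any`.

```python
import ipaddress

# ACL-2 from the post, embedded here as a constructed string for the evaluator.
ACL_2 = """
seq 10 permit tcp host 192.168.2.2 any eq ssh
seq 15 permit tcp host 192.168.2.3 any eq ssh
seq 20 deny tcp any any eq ssh
seq 30 permit ip any any
"""

PORTS = {"ssh": 22, "telnet": 23}

def _addr(tok, i):
    """Read one address spec (any | host A.B.C.D | A.B.C.D/len) starting at tok[i]."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(tok[i], strict=False), i + 1

def parse_acl(text):
    """Parse 'seq N permit|deny proto SRC DST [eq PORT] ...' lines; trailing
    keywords such as max-sessions/min-sessions are ignored."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        seq, action, proto = int(tok[1]), tok[2], tok[3]
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
        rules.append((seq, action, proto, src, dst, port))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation of a flow; returns (action, matching seq)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, rproto, rsrc, rdst, rport in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if src_ip not in rsrc or dst_ip not in rdst:
            continue
        if rport is not None and rport != dport:
            continue
        return action, seq
    # Assumed implicit deny when nothing matches; never reached for the lists
    # in the post because both end with 'permit ip any any'.
    return "deny", None
```

Call `evaluate(parse_acl(ACL_2), "192.168.2.9", "192.168.2.1", "tcp", 23)` to see the telnet gap: the result is `("permit", 30)`.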
