Need help. AOS 6.5.x 7210 VPN controller and 7220 Hub controller. Master/Master.
I am trying to restrict users from SSH to my VPN controller, both users on the remote controller and users from the Hub location. I want a basic ACL to restrict this access inbound on the user interfaces of the 7210 VPN controller and on the Crypto-local map to restrict the users coming from the Hub controller. In both cases I get errors. VPN tunnel and ports are all trusted. I know if I make it untrusted I can apply this, but how could I secure with a trusted port?
(VPN-LAB-Controller) (config-dest) # ip access-list session Aruba-VPN-Controller-Security
(VPN-LAB-Controller) (config-sess-Aruba-VPN-Controller-Security)# any alias Aruba-VPN-Controllers svc-ssh deny
(VPN-LAB-Controller) (config-sess-Aruba-VPN-Controller-Security)# any alias Aruba-VPN-Controllers svc-snmp deny
(VPN-LAB-Controller) (config-sess-Aruba-VPN-Controller-Security)# any alias Aruba-VPN-Controllers svc-ntp deny
(VPN-LAB-Controller) (config-sess-Aruba-VPN-Controller-Security)# any any any permit
(VPN-LAB-Controller) (config-sess-Aruba-VPN-Controller-Security)#exit
(VPN-LAB-Controller) (config-dest) #netdestination Aruba-VPN-Controllers
(VPN-LAB-Controller) (config-dest) # network 10.50.124.0 255.255.254.0
(VPN-LAB-Controller) (config) #interface range gigabitethernet 0/0/0-0/10
(VPN-LAB-Controller) (config-range) # ip access-group Aruba-VPN-Controller-Security in
Invalid Access List Usage
(VPN-LAB-Controller) (config-range) #ip access-group Aruba-VPN-Controller-Security session
Illegal Operation: Interface is untrusted