I'm using an X440 stack as an internet gateway for a customer.
I did create an access profile for all of the management profiles only permitting certain IP ranges to gain access.
I'm just looking for an ACL that will block SSH and port scans and what not from even discovering the gateway IP.
The SSH attempts fill the logs up. If I do a port scan on the router this comes up:
21/tcp open ftp
22/tcp open ssh
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
593/tcp filtered http-rpc-epmap7070/tcp open realserver
I dont mind if it responds to ICMP. I just want everything else locked down.
If you have a transit ACL template I'd love a copy! Obviously I dont want to block ipforwarding or any protocols on any hosts after the router.