09-13-2007 11:53 PM - edited 03-03-2019 06:45 PM
Hi,
We have a test network that is partitioned off the production network via a routed connection and ACLs.
But a VNC session needs to be allowed from the test network to production network AND from production to test network.
The ACL will have to be 'any source' and 'any destination' networks, and I was going to use an INbound and an OUTbound ACL on the same interface from/to the test network (ie with a destination port eq 5900).
For example:
ip access-group 100
permit tcp any any eq 5900
deny ip any any
But if I apply above ACL to the egress/ingress interface to the test network, it will stop VNC traffic altogether (ie because there will not be a match for VNC data for the return conversation (will not match port 5900)).
Without purchasing a firewall, is there anyway I can apply a VNC ACL BOTHWAY filter.
Thanks in anticipation.
regards
Mark
09-14-2007 12:36 AM
Try this instead:
ip access-list extended VNC-LIST
permit tcp any any range 5900 5910
permit tcp any range 5900 5910 any
permit tcp any any range 5800 5810
permit tcp any range 5800 5810 any
permit tcp any any range 5500 5510
permit tcp any range 5500 5510 any
and apply it both ways.
This ACL is per this document: http://faq.gotomyvnc.com/fom-serve/cache/52.html
It allows up to 11 VNC sessions to any machine, and it allows communication BOTH WAYS (you have allowed only one way communication).
Hope this helps.
Please rate all helpful posts.
09-14-2007 03:58 AM
Thanks,
This works a treat.
Not only that I've learnt something - wish is always good.
Thanks alot for your help.
regards
mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide