Allow VNC and Remote Desktop through router?

Unanswered Question
May 6th, 2008


How can I allow VNC (TCP 5900) and Windows Remote Desktop through a Cisco 877 to a PC behind it? The router doesn't have a static IP but I can get to it via dynamic DNS.

say local information is, Local IP: , Global interface: dialer1 with ip access-group 101 in.

And is it possibel to only allow a certain external IP access for exampe


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Tue, 05/06/2008 - 05:40

First setup your NATs

ip nat inside source static tcp 3389 dialer1 3389

Then add your ACL.

access-list 100 permit host any eq 3389

Finally, apply the ACL to an interface.

interface dialer1

ip access-group 100 in

The above commands are off the top of my head, so they might need a little tweaking. Be sure to use the ? for help. Hope that helps.

whiteford Tue, 05/06/2008 - 06:06


How does it find the right PC? Say I had 2 PC's which needed 3389 open? I see you have "any", will it just find the first that responds?

Or can this rule only work with one PC if I'm using a dynamic IP?


Collin Clark Tue, 05/06/2008 - 07:02

The NAT translation is what determines where it goes. The any is for the ACL only. If you want to access multiple PC's but you only have on public IP, you 'll have to change ports.

For example-

ip nat inside source static tcp 3389 dialer1 3390.

From the outside you would have to configure RDP to connect to port 3390 instead of 3389.


This Discussion