05-06-2008 12:18 AM - edited 03-03-2019 09:49 PM
Hi,
How can I allow VNC (TCP 5900) and Windows Remote Desktop through a Cisco 877 to a PC behind it? The router doesn't have a static IP but I can get to it via dynamic DNS.
Say the local information is: local IP 192.168.2.100, global interface dialer1 with ip access-group 101 in.
And is it possible to only allow a certain external IP access, for example 1.2.3.4?
Thanks
05-06-2008 05:40 AM
First, set up your NATs.
ip nat inside source static tcp 192.168.2.100 3389 interface dialer1 3389
Then add your ACL.
access-list 100 permit tcp host 1.2.3.4 any eq 3389
Finally, apply the ACL to an interface.
interface dialer1
ip access-group 100 in
The above commands are off the top of my head, so they might need a little tweaking. Be sure to use the ? for help. Hope that helps.
05-06-2008 06:06 AM
Thanks,
How does it find the right PC? Say I had 2 PCs which needed 3389 open? I see you have "any", will it just find the first that responds?
Or can this rule only work with one PC if I'm using a dynamic IP?
Thanks
05-06-2008 07:02 AM
The NAT translation is what determines where it goes. The any is for the ACL only. If you want to access multiple PCs but you only have one public IP, you'll have to change ports.
For example:
ip nat inside source static tcp 192.168.1.201 3389 interface dialer1 3390
From the outside you would have to configure RDP to connect to port 3390 instead of 3389.
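Added example, not from any of the posts above: the thread's pieces combined into one configuration for RDP and VNC to 192.168.2.100 plus RDP to a second PC on outside port 3390, all limited to source 1.2.3.4. Assumptions: the second PC's address 192.168.2.101, NAT inside/outside already enabled on the LAN interface and Dialer1, ACL 101 already applied inbound on Dialer1 as in the question, and sequence numbers 5-7 free in that ACL.

```cisco
! Static PAT: outside port on Dialer1 -> inside host and port
ip nat inside source static tcp 192.168.2.100 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.2.100 5900 interface Dialer1 5900
! Second PC (address assumed): same inside port, different outside port
ip nat inside source static tcp 192.168.2.101 3389 interface Dialer1 3390
!
! The inbound ACL on Dialer1 is checked before NAT, so it must match the
! outside port (3390 for the second PC). "any" as destination covers the
! dynamic public address.
! Entries are inserted ahead of the existing lines of ACL 101
! (sequence numbers 5-7 assumed free).
ip access-list extended 101
 5 permit tcp host 1.2.3.4 any eq 3389
 6 permit tcp host 1.2.3.4 any eq 3390
 7 permit tcp host 1.2.3.4 any eq 5900
!
! Verify from exec mode:
!   show ip nat translations
!   show access-lists 101
```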