Cisco 877 - allow only one external static ip to connect to my server ?

Unanswered Question
Jan 5th, 2010

Hello,

  Can anyone tell how how to setup up the Cisco 877 to allow only one external ip xxx.xxx.xxx.xxx to access my server ?

  Consider this:

  My Server PC connects to the internet through the Cisco 877 and it has an internal ip 10.10.10.2 and also an SQL Server

  My other PC on a different location has a static IP 123.123.123.123 (it's an example)

  What i want is only to allow ONLY my other PC with the IP 123.123.123.123 to access my Server and only the SQL Server port.

  IOW, if  anyone tries to access my server without having the IP 123.123.123.123 block the access.

Thank you in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

I will assume the 123.123.x.x is an internet address? If so they yes you can setup PAT for the SQL server to the Internet on a unique port and ACL it so only the internet IP (123.123.x.x) is allowed to hit that external address on that port.

Here`s a rough example:

ip nat inside source static tcp 10.10.10.1 1433 201.201.201.1 1433

access-list 150 permit tcp host 123.123.123.123 host 201.201.201.1 eq 1433

access-list 150 deny ip any any

Good luck

pangio1453 Thu, 01/07/2010 - 15:47

Dear Bob,

  What is the "201.201.201.1" ?

  Also can i do this through SDM or i need to do it through console ?

Thank you very much

That IP is just an example of the Internet facing public IP assigned to your internal server. If you only have one outside IP use PAT. I didn't know you had SDM yes you can do it thorugh there. Just remember you need a publically accessible IP address on the internet that is NAT'd to your host; then you apply the ACL on the outside inteface to only allow your PC to access that public IP on the port specified.

Cheers

Bob

Actions

This Discussion