876 ISR: Allow GoToMyPC on one machine through Zone-based firewall

For a small business client, I used the Basic Firewall wizard to set up a High Security firewall as it stands. They're in the medical field and there are very strict patient data laws here. I left it up for several days without committing the changes to the startup.cfg so I could back out of the changes if I had any problems.

The client needs GoToMyPC on one machine (their P2P server machine) until I get the VPN configured, maybe even beyond as an overlap measure. Until they decided to implement a VPN, they've been using GoToMyPC for remote access, mostly for management but also employees. They use a mission critical database software package that keeps an appointment calendar and patient data to which they need remote access.

While GoToMyPC worked initially after the firewall was implemented, it seemed as though it eventually closed remote access down, because a few days later I couldn't seem to connect. After rebooting the router (without changes committed), GoToMyPC then worked once again.

Is this my imagination? Was it the firewall or was it probably something else? If because of the firewall, how do I allow the traffic through for this application? And in particular, I just want to allow it now to the one P2P server machine.

BTW. I also allowed remote secure access to router configuration via CCP when I configured the firewall and that seemed to work without problems.

Thanks in advance for any ideas you might offer...

jeremyNLSO
CCNA Routing & Switching, CCNA Security
MCITP, MCTS
Berlin, Germany

1 REPLY

876 ISR: Allow GoToMyPC on one machine through Zone-based firewa

Hello Noel,

Well, as a peer-to-peer application this app will jump from port to port, so one day it might use port 80, and let's say that one was open on the FW, but the next day it used 8080 and that one was closed.

Best thing is to use the ip inspect log drop-pkt command to see if the FW is dropping the packets in real time, bud.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
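One way to scope the allowance to that single P2P server machine and turn on the drop logging suggested above, as an added IOS zone-based firewall example that is not from either poster; the zone names (in-zone/out-zone), the policy-map and class-map names, the host address 192.168.1.10 and the interface names are all assumed placeholders, since the wizard-generated names on the 876 are not shown on the page:

```ios
! Assumed for this example: Vlan1 is in zone in-zone, the WAN interface is in
! zone out-zone, and 192.168.1.10 is the P2P server (all constructed values).
!
! 1. Match only the one host, so nothing else gains the extra reach.
ip access-list extended GOTOMYPC-HOST
 permit ip host 192.168.1.10 any
!
class-map type inspect match-all CM-GOTOMYPC-HOST
 match access-group name GOTOMYPC-HOST
!
! 2. Stateful inspection of sessions the host initiates outbound; the firewall
!    then admits the return traffic regardless of which port the app picked,
!    so port hopping no longer matters for outbound-initiated sessions.
!    Everything else keeps hitting class-default and is dropped and logged.
policy-map type inspect PM-IN-OUT
 class type inspect CM-GOTOMYPC-HOST
  inspect
 class class-default
  drop log
!
! 3. Apply (or confirm) the policy on the inside-to-outside zone pair.
zone-pair security IN-OUT source in-zone destination out-zone
 service-policy type inspect PM-IN-OUT
!
! 4. Log dropped packets while testing, then watch the log to confirm
!    whether the firewall is really what is blocking GoToMyPC.
ip inspect log drop-pkt
!
! Verification (exec mode):
!   show policy-map type inspect zone-pair IN-OUT
!   show logging | include 192.168.1.10
```

Keep the drop-pkt logging only for the troubleshooting window, as it adds CPU and syslog load on a small ISR; the session counters in the show policy-map output confirm whether the host's traffic is matching the intended class.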