Reflexive access-list problems. How to allow everything and just VNC?
I have a Cisco 877 router (Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)).
On the router I have servers directly connected to it, and I also have a SonicWall firewall connected to it. Behind the SonicWall I have my LAN. How do I allow everything to the SonicWall so that the SonicWall's VPN would work? Everything else works fine from the LAN and from the servers.
The other question is how to allow VNC connections with a reflexive ACL. Or is this even possible?
I've tried something like this with no luck.
!There are also other permit lines on the list, but do they really matter? No denies except for the implicit one at the very end.
ip access-list extended insideaccess
permit ip any host 184.108.40.206
!Everything from the inside should be allowed out.
ip access-list extended outsideaccess
permit tcp any any reflect tcp-reflexive-temporary-list
permit udp any any reflect udp-reflexive-temporary-list
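
For reference, an added example (not part of the original post) of how a reflexive ACL pair is normally completed on IOS: the outbound list creates temporary entries with `reflect`, and the inbound list must reference them with `evaluate`, with static permits for anything initiated from outside. It assumes `outsideaccess` is applied outbound and `insideaccess` inbound on the WAN interface; the interface name `Dialer0`, the VNC server 192.0.2.10 and the admin source 198.51.100.20 are constructed placeholders.

```cisco
! Constructed example. Interface name and the 192.0.2.x / 198.51.100.x
! addresses are assumptions, not values from the original post.

ip access-list extended outsideaccess
 ! Outbound on the WAN interface: every permitted session creates a
 ! temporary mirror entry in the named reflexive list.
 permit tcp any any reflect tcp-reflexive-temporary-list
 permit udp any any reflect udp-reflexive-temporary-list
!
ip access-list extended insideaccess
 ! Inbound on the WAN interface.
 ! Everything addressed to the SonicWall (address from the post), which
 ! covers IKE, NAT-T and ESP for a VPN that terminates on it.
 permit ip any host 184.108.40.206
 ! VNC initiated from outside needs a static entry, because reflexive
 ! entries exist only for sessions that started from the inside.
 ! Limiting the source to a known admin host keeps TCP 5900 off the
 ! open Internet.
 permit tcp host 198.51.100.20 host 192.0.2.10 eq 5900
 ! Return traffic for sessions opened from the inside.
 evaluate tcp-reflexive-temporary-list
 evaluate udp-reflexive-temporary-list
 ! Everything else is dropped by the implicit deny.
!
interface Dialer0
 ip access-group insideaccess in
 ip access-group outsideaccess out
```

`show access-lists` lists the temporary entries under each reflexive list name while sessions are active, which confirms that `reflect` and `evaluate` are paired correctly.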