
Cisco 877 - allow only one external static ip to connect to my server ?

pangio1453
Level 1

Hello,

  Can anyone tell me how to set up the Cisco 877 to allow only one external IP xxx.xxx.xxx.xxx to access my server?

  Consider this:

  My Server PC connects to the internet through the Cisco 877 and it has an internal IP 10.10.10.2 and also an SQL Server

  My other PC on a different location has a static IP 123.123.123.123 (it's an example)

  What I want is to allow ONLY my other PC with the IP 123.123.123.123 to access my Server and only the SQL Server port.

  IOW, if anyone tries to access my server without having the IP 123.123.123.123, block the access.

Thank you in advance.

4 Replies

bjames
Level 5

I will assume the 123.123.x.x is an internet address? If so, then yes, you can set up PAT for the SQL server to the Internet on a unique port and ACL it so only the internet IP (123.123.x.x) is allowed to hit that external address on that port.

Here's a rough example:

ip nat inside source static tcp 10.10.10.1 1433 201.201.201.1 1433

access-list 150 permit tcp host 123.123.123.123 host 201.201.201.1 eq 1433

access-list 150 deny ip any any

Good luck

Dear Bob,

  What is the "201.201.201.1" ?

  Also, can I do this through SDM or do I need to do it through the console?

Thank you very much

Hello Folk,

With this link you can see an example of using SDM.  It might be a little outdated, however it might be helpful to see.

Skip to the NAT section:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a008073e067.shtml#nat1

Happy New Year!

Andrew Lee Lissitz

That IP is just an example of the Internet-facing public IP assigned to your internal server. If you only have one outside IP, use PAT. I didn't know you had SDM; yes, you can do it through there. Just remember you need a publicly accessible IP address on the internet that is NAT'd to your host; then you apply the ACL on the outside interface to only allow your PC to access that public IP on the port specified.

Cheers

Bob
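
The pieces described in the replies above, put together as an added example that is not part of the original thread: the port forward, the ACL, and its binding to the outside interface. Assumptions: Dialer0 is the outside interface and Vlan1 the inside one, 201.201.201.1 stands for the router's public address, 10.10.10.2 is the SQL Server host from the question, and the inspection rule name OUTBOUND is made up here.

```cisco
! Added example. Interface names, the public address and the rule name
! OUTBOUND are assumptions; substitute the values from your own router.
!
! Forward TCP/1433 on the public address to the internal SQL Server host.
ip nat inside source static tcp 10.10.10.2 1433 201.201.201.1 1433
!
! Inbound ACLs on the outside interface are evaluated before NAT, so the
! destination to match is the public address, not 10.10.10.2.
access-list 150 remark SQL Server from the one trusted remote PC only
access-list 150 permit tcp host 123.123.123.123 host 201.201.201.1 eq 1433
access-list 150 deny   ip any any log
!
! Without stateful inspection, the final deny also drops the replies to
! connections started from the inside network (web, DNS, ...). CBAC opens
! temporary return entries for sessions that leave through Dialer0.
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
!
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
 ip access-group 150 in
 ip inspect OUTBOUND out
```

After applying it, `show access-lists 150` shows per-entry match counters (the permit line should increment only for 123.123.123.123, the deny line for everyone else), and `show ip nat translations` confirms the static TCP/1433 entry.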