Re: Allow VNC and Remote Desktop through router?

whiteford · ‎05-06-2008

Hi,

How can I allow VNC (TCP 5900) and Windows Remote Desktop through a Cisco 877 to a PC behind it? The router doesn't have a static IP but I can get to it via dynamic DNS.

say local information is, Local IP: 192.168.2.100 , Global interface: dialer1 with ip access-group 101 in.

And is it possibel to only allow a certain external IP access for exampe 1.2.3.4?

Thanks

Collin Clark · ‎05-06-2008

First setup your NATs

ip nat inside source static tcp 192.168.2.100 3389 dialer1 3389

Then add your ACL.

access-list 100 permit host 1.2.3.4 any eq 3389

Finally, apply the ACL to an interface.

interface dialer1

ip access-group 100 in

The above commands are off the top of my head, so they might need a little tweaking. Be sure to use the ? for help. Hope that helps.

whiteford · ‎05-06-2008

Thanks,

How does it find the right PC? Say I had 2 PC's which needed 3389 open? I see you have "any", will it just find the first that responds?

Or can this rule only work with one PC if I'm using a dynamic IP?

Thanks

Collin Clark · ‎05-06-2008

The NAT translation is what determines where it goes. The any is for the ACL only. If you want to access multiple PC's but you only have on public IP, you 'll have to change ports.

For example-

ip nat inside source static tcp 192.168.1.201 3389 dialer1 3390.

From the outside you would have to configure RDP to connect to port 3390 instead of 3389.