
Apply ACL


omegabetax

Technical User
Jun 20, 2006
54
RO

Hi,

Assume that I have two routers, 2 LANs and an application such as VNC.
The purpose is to block VNC from being used between the LANs, but let LAN1 access LAN2, where the servers are.

I can block the ports 5800/5900. But a smart user who has access to both LANs can change the port at the source and destination to use VNC.

Can someone give me advice on how I can do this?

Thanks
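For reference, this is what the port-based ACL the question describes would look like on a Cisco IOS router joining the two LANs. It is an added example, not configuration from anyone in this thread; the subnets (192.168.1.0/24 for the LAN1 workstations, 192.168.2.0/24 for the LAN2 servers) and the interface names are constructed placeholders.

```cisco
! Added example, not from the thread. Sample addresses are constructed:
!   LAN1 (workstations) = 192.168.1.0/24, LAN2 (servers) = 192.168.2.0/24
! Interface names are placeholders; use the ones facing each LAN.
!
! Direction LAN1 -> LAN2: drop the VNC ports, let everything else through
! so the workstations keep their normal access to the servers.
ip access-list extended LAN1-TO-LAN2
 remark VNC java/HTTP viewer ports (5800+) and RFB display ports (5900+)
 deny   tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 range 5800 5899 log
 deny   tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 range 5900 5999 log
 remark all other LAN1 -> LAN2 traffic (file shares, web, etc.) stays permitted
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Direction LAN2 -> LAN1: same VNC block the other way, rest permitted.
ip access-list extended LAN2-TO-LAN1
 deny   tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 range 5800 5899 log
 deny   tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 range 5900 5999 log
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Apply each list inbound on the interface that faces the source LAN.
interface FastEthernet0/0
 description LAN1 - workstations (placeholder name)
 ip access-group LAN1-TO-LAN2 in
!
interface FastEthernet0/1
 description LAN2 - servers (placeholder name)
 ip access-group LAN2-TO-LAN1 in
```

The `log` keyword makes each blocked attempt show up in the router log, which is the only visibility this ACL gives you; as the question itself notes, it matches port numbers, not the VNC protocol, so a user who moves VNC to another port passes straight through it, which is why the replies below push the control onto the hosts.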
 
omegabetax,

First - you should lock the servers down with the server OS and file permissions, etc. If they have no admin rights on the server, it will do them no good to VNC over to the server.

As for ACLs - what are the servers serving? If it is a web server, block all traffic but port 80; but if it is just a general file server on the LAN, then your best bet will be locking it down with the server OS.

Just my thoughts!


E.A. Broda
CCNA, CCDA, CCAI, Network +
 
OK. But I want to have no access even to other workstations that are in the LAN with the servers. So wks to wks denied for VNC. Can I do this?
 
If they are on the same LAN, you will have to restrict access at the box itself with some sort of software firewall. With the XP/2003 firewall you can allow/deny connections based on IP, subnet, combinations of both, or have it totally open. That is where I would start. Linux has the same thing.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
omegabetax,

It might help if we had a better understanding of exactly what you are trying to do and how the network is set up.

Same users at the workstations, or is this open to the public? Who is using VNC and what are they trying to do? Where are they using the VNC - do you have control over that workstation?

Is there a policy against VNC use? As Brent said above - sounds like you need to lock down the work stations - I am at a college and we use XP - we have all stations locked tight with no admin rights at all to the student users.

Once again - might help if we had a better picture of the setup!

Just my thoughts!


E.A. Broda
CCNA, CCDA, CCAI, Network +
 