
How to open a port for VNC on a Cisco PIX 506E


farana75

IS-IT--Management
Jul 8, 2005
22
US
I need your help, guys. I am running a Windows 2003 server and 25 workstations. I would like to be able to remote every machine from the server. I have already installed VNC on all the machines, but I can't connect to the majority. The firewall is turned on on every machine automatically via Group Policy. I just don't understand why it will not let me remote to most of the PCs. Should I open a port on the firewall (PIX 506E)? If so, could you please tell me how to do it?
I would appreciate it.
Thanks
 
If the server and PCs are on the same network, then make sure there is an exception in the Windows firewall for VNC (standard port is 5900) on all the workstations. You can set this via group policy if they are XP boxes.

If they are on separate networks and the PIX is between them, post your PIX config.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
farana75,
I strongly recommend not opening the VNC port to the public; it is not a best security practice. You might wanna set up VPN service on your 506E, and then you can VNC or RDP from there.

#######VPN service Config###########
access-list vpn_clients permit ip [YourCorpNetworkID and submask] [rfc1918 address]
nat (inside) 0 access-list vpn_clients
ip local pool vpn_clientPool [rfc1918 address]
sysopt connection permit-ipsec
crypto ipsec transform-set MY_SET esp-3des esp-md5-hmac
crypto dynamic-map ELNOMAP 10 set transform-set MY_SET
crypto map ELPEER 20 ipsec-isakmp dynamic ELNOMAP
crypto map ELPEER client authentication LOCAL
crypto map ELPEER interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup elgroup address-pool vpn_clientPool
vpngroup elgroup idle-time 1800
vpngroup elgroup dns-server [YourInternalDnsIP]
vpngroup elgroup default-domain YOURDOMAIN.COM
vpngroup elgroup password [YourGroupPassword]


##VERIFY USING BELOW COMMANDS#

show ip local pool
show nat
show aaa-server
show crypto map
show crypto isakmp policy
show vpngroup

Let me know if this helps.
k
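
Added example (not part of the thread or of any poster's configuration): a small Python check for the advice above about not exposing VNC publicly. It scans a PIX 6.x style config for ACL entries, bound inbound to the outside interface, that permit any source to reach tcp/5900. The ACL names, addresses and sample config are constructed for illustration, and only the `eq` and `range` port operators are evaluated.

```python
VNC_PORT = 5900

# Constructed sample config; addresses are from documentation ranges.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.10 eq 5900
access-list acl_out permit tcp host 198.51.100.7 host 203.0.113.11 eq 5900
access-list acl_out permit tcp any host 203.0.113.12 range 5800 5910
access-list acl_out permit tcp any host 203.0.113.13 eq www
access-list acl_in permit tcp any host 203.0.113.10 eq 5900
access-group acl_out in interface outside
access-group acl_in in interface inside
"""

def _take_addr(tok):
    """Consume one address spec; return (matches_any_host, remaining tokens)."""
    if tok[:1] == ["any"]:
        return True, tok[1:]
    if tok[:1] == ["host"]:
        return False, tok[2:]
    return tok[:2] == ["0.0.0.0", "0.0.0.0"], tok[2:]   # network + mask

def _take_ports(tok):
    """Consume an optional eq/range operator; return (covers_vnc, remaining)."""
    if len(tok) >= 2 and tok[0] == "eq":
        return tok[1] == str(VNC_PORT), tok[2:]
    if len(tok) >= 3 and tok[0] == "range":
        lo, hi = tok[1], tok[2]
        ok = lo.isdigit() and hi.isdigit() and int(lo) <= VNC_PORT <= int(hi)
        return ok, tok[3:]
    return not tok, tok            # no operator at all means every port

def exposed_vnc_rules(config, interface="outside"):
    """Return ACL lines bound inbound to `interface` that let any source reach VNC."""
    rows = [(ln, ln.split()) for ln in config.splitlines() if ln.strip()]
    bound = {t[1] for _, t in rows
             if t[0] == "access-group" and t[2:] == ["in", "interface", interface]}
    hits = []
    for line, t in rows:
        if (t[0] != "access-list" or len(t) < 5 or t[1] not in bound
                or t[2] != "permit" or t[3] not in ("tcp", "ip")):
            continue
        src_any, rest = _take_addr(t[4:])
        if t[3] == "tcp":
            _, rest = _take_ports(rest)      # optional source-port operator
        _, rest = _take_addr(rest)           # destination address
        covers = True if t[3] == "ip" else _take_ports(rest)[0]
        if src_any and covers:
            hits.append(line)
    return hits
```

Any line it returns for the outside interface is a candidate to remove in favour of reaching VNC over the VPN.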
 