
How to open port for VNC to server? 2


protos (IS-IT--Management, US), Apr 28, 2002
What/how can you open the VNC port on the Pix to allow access into a server? We want to connect securely and I know VNC is not the best at all, but this is a quick fix I guess.


thanks
 
I'm not sure I follow protos. For quick and dirty, temporary you could do

access-list <number> permit ip any host <ipaddress>

which will open that box up to all traffic.

The VNC port number is determined by the type of service running, the OS and lots of other variables.
 
Yeah, I don't want to open up the box to all traffic, only certain IPs from the outside so I can at least get in and check some servers. How can I do that?

thanks man
 
No VPN, that's the next step, but I need to open 1 port only so I can get in and out.
 
If you only want the one port open to a certain box for VNC access, and you stated that you know the outside IP address then you would have an access-list that looks something like this...

access-list inbound permit tcp host <outside host> host <inside host> eq 5900
access-group inbound in interface outside


This will allow the outside host to the inside host on port 5900 and then applies the ACL to the interface.

Don't forget you will also have to have a static routable address for your internal box.

static (inside,outside) <registered ip> <inside ip> <mask>

I hope this helps

Dave
 
static (inside,outside) tcp <outside IP> 5900 <inside server address> 5900 netmask 255.255.255.255 0 0

This will forward all requests to port 5900 to inside IP address 192.168.0.10:
static (inside,outside) tcp 206.118.72.54 5900 192.168.0.10 5900 netmask 255.255.255.255 0 0

Let's say you have 2 servers you want to admin; you can use a different port using PAT. This will come into the system using port 5901 and translate it to 5900:
static (inside,outside) tcp 206.118.72.54 5901 192.168.0.10 5900 netmask 255.255.255.255 0 0


You must also use an ACL:
access-list fromoutside permit tcp any any eq 5901
access-list fromoutside permit tcp any any eq 5900
access-group fromoutside in interface outside

This should do it. If you have more questions let me know.

John

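As an added check (my own code, not from the thread), a small Python evaluator for PIX-style `access-list` lines of the form posted above. It shows why Dave's `host`-restricted entry meets protos' requirement while John's `any any` entries admit every outside source; the source addresses and the ACL names are constructed for the example.

```python
import ipaddress

# Constructed PIX 6.x-style ACLs modelled on the two answers in the thread.
# On PIX 6.x an inbound ACL on "outside" matches the pre-translation
# (global) address, so the destination is the static's outside IP.
ACL_HOST_ONLY = [  # Dave's approach: one permitted outside source
    "access-list inbound permit tcp host 203.0.113.5 host 206.118.72.54 eq 5900",
]
ACL_ANY = [  # John's approach: any source, ports 5900 and 5901
    "access-list fromoutside permit tcp any any eq 5901",
    "access-list fromoutside permit tcp any any eq 5900",
]


def _parse_endpoint(tokens, i):
    """Return (network, next_index) for 'any' or 'host A.B.C.D'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    raise ValueError("unsupported endpoint at %r" % tokens[i])


def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC DST [eq PORT]' (host/any only)."""
    t = line.split()
    if t[0] != "access-list" or t[3] != "tcp":
        raise ValueError("unsupported line: " + line)
    src, i = _parse_endpoint(t, 4)
    dst, i = _parse_endpoint(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return {"action": t[2], "src": src, "dst": dst, "port": port}


def acl_permits(acl_lines, src_ip, dst_ip, dst_port):
    """First matching entry decides; no match falls to the PIX implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in map(parse_ace, acl_lines):
        if s in ace["src"] and d in ace["dst"] and ace["port"] in (None, dst_port):
            return ace["action"] == "permit"
    return False


if __name__ == "__main__":
    # 203.0.113.5 is the admin's constructed outside address; 198.51.100.9 is a stranger.
    for acl in (ACL_HOST_ONLY, ACL_ANY):
        for src in ("203.0.113.5", "198.51.100.9"):
            print(acl[0].split()[1], src, acl_permits(acl, src, "206.118.72.54", 5900))
```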
 