Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I need help please. I need to re

Status
Not open for further replies.
Gigaic

Gigaic

Technical User
Feb 8, 2006
154
GH
I need help please.

I need to restrict remote vpn access to a lan-side server (192.168.1.2 natted to 41.204.56.251). At the moment any IP address from the internet can access the server once the person knows the nat ip and the password.

How do I allow vnc access only to IP address 41.204.54.98?

Below is my current config:
**********************************************************
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 41.204.56.250 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
switchport mode trunk
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address 10.200.18.2 255.255.255.0
ip virtual-reassembly
!
interface Vlan3
ip address 172.16.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 41.204.56.249
ip route 10.1.0.0 255.255.0.0 10.200.18.1
ip route 10.76.100.0 255.255.255.0 10.200.18.1
ip route 192.168.0.0 255.255.255.0 10.200.18.1
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static 192.168.1.2 41.204.56.251
ip nat inside source static 192.168.1.3 41.204.56.252
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
!
**************************************************
Thanks
 
Sort by date Sort by votes
What port does VNC use?

ip nat inside source static tcp 192.168.1.2 21 41.204.56.251 21

This example would be for FTP access only...just replace the 21 with the proper port numbers (and proper IP addresses, of course), and replace tcp if it is udp you need.

Burt
 
Upvote 0 Downvote
Hi Burt,

That is already done if you look at the 4th line from the bottom of my posted config.

Now, I do have support people accessing the local machine (192.168.1.2) over the internet. I have given them the password and outside IP address (41.204.56.251). How do I restrict access from their office IP only (41.204.54.98), such that ex-employees are not able to access the local machine.

Thanks
George
 
Upvote 0 Downvote
You asked to have it accessed via VNC ONLY---your last four lines in your post do not have the tcp keyword nor do they have port numbers. This is how you would make the server accessible via VNC ONLY. I this is not what you wanted, then I apologize for misunderstanding.
Now, to answer the second question, an acl denying that IP would be great
access-list 121 deny ip 41.204.54.98 0.0.0.255 host 192.168.1.2
access-list 121 permit ip any any
then apply it inbound to the outside interface...
router(config)#int fa0/1
router(config-if)#ip access-group 121 in

Burt
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
206
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
148
BIS
BIS
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
146
Luzbel
Luzbel
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
204
madwok
madwok
PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
173
bdk76
bdk76

Part and Inventory Search

Sponsor

Back
Top