Access-List with Cisco 1720 Router...

Thread: Access-List with Cisco 1720 Router...

  1. #1
    Registered User
    Join Date
    May 2000
    Location
    Dover, NH United States
    Posts
    73

    Question Access-List with Cisco 1720 Router...

    Has anyone programmed a router to allow "any" ip in from the outside to connect to a server running PCAnywhere using the Access-list?
    Also anyone remember how to delete these (access-list)?
    It has been over a year since I touched this router now they want to get PCAnywhere running

    Thanks in advance.....

    Rick
    Network Administrator
    MCSE
    http://www.dcinh.com

  2. #2
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Ya, I remember, what you need to do is create the access list to allow "any" inbound or "255.255.255.255", then apply it to the router interface.

    If you need the exact commands, I'll dig them up for tomorrow.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  3. #3
    Registered User
    Join Date
    May 2000
    Location
    Dover, NH United States
    Posts
    73

    Just added this line....

    access-list 110 permit ip any host 192.168.69.10

    saved config and reloaded. But alas it did not work....Next question, you remember how to delete these...LOL

    Thanks again!!
    Network Administrator
    MCSE
    http://www.dcinh.com

  4. #4
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    Re: Access-List with Cisco 1720 Router...

    Originally posted by Digital_Rick
    Has anyone programmed a router to allow "any" ip in from the outside to connect to a server running PCAnywhere using the Access-list?
    Also anyone remember how to delete these (access-list)?
    It has been over a year since I touched this router now they want to get PCAnywhere running

    Thanks in advance.....

    Rick
    You can do it but you're better off configuring a VPN and allowing the connection to come in that way. If you open up a port on the outside interface of the router you expose that port to attack from anyone. In any event, here's the way to create the access list if you do want to expose the network

    first the access list:
    access-list 101 permit tcp any host 192.168.1.10 eq 5631
    access-list 101 permit udp any host 192.168.1.10 eq 5632

    then apply the access list to an interface:
    access-group 101 in interface s0/0

    note that:
    1) the tcp and udp ports are based on v10 of pcanywhere, you may have to change them based on version
    2) put your internal IP address in for 192.168.1.10
    3) the interface in my example in the access-group command is not "named" by the "nameif" command
    4) these commands are based on my PIX version 6.2(2) and should match your 1700 if your 1700 is up to date. Cisco has been converging a number of commands across similar platforms in the name of simplification.

    You can give this a shot but like I said before I'd still setup the VPN.
    Deliver me from Swedish furniture!

  5. #5
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    To delete any command just put a "no" in front of it and type it again (or paste it into the command line)

    no access-list 101 bla bla

    the command does have to be complete though or it won't know which command to delete and throw you an error.
    Deliver me from Swedish furniture!

  6. #6
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Also note that if you already have an access list you just change the access list number and apply it to the existing access group.
    Deliver me from Swedish furniture!

  7. #7
    Registered User
    Join Date
    May 2000
    Location
    Dover, NH United States
    Posts
    73

    Thanks silencio !!

    That was what I was looking for. I have told them all about the possibilities of hacking. They still wanted it opened. Oh well, live and learn I guess

    Thanks again!!!

    I'll try to post here when I get it working.
    Network Administrator
    MCSE
    http://www.dcinh.com

  8. #8
    Registered User
    Join Date
    Nov 2000
    Location
    Pittsburgh, PA, USA
    Posts
    239

    Re: Re: Access-List with Cisco 1720 Router...

    Originally posted by silencio


    then apply the access list to an interface:
    access-group 101 in interface s0/0

    access-group 101 in interface s0/0{in/out} is also needed
    System Specs

    486DX2
    16MB RAM
    16 MB RAM
    1MB vid RAM
    Windows 3.1

  9. #9
    Registered User chucko's Avatar
    Join Date
    Mar 2003
    Location
    Oregon, USA
    Posts
    38

    PC Anywhere?

    Here's another suggestion....

    Instead of PC Anywhere, why not try GoToMyPC?

    http://www.gotomypc.com

    It works similar to PC Anywhere, but is totally web based (no software to buy or install). Instead, you purchase a subscription for the service. They allow a free trial and you can be up and running in a few minutes.

    The thing that I like best about it is that it is FAST and does not require any manual tweaking of firewall ports or access lists.

    I use it myself and I've recommended it to many of my clients and several of them use it daily.

    Just a thought...

  10. #10
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    Re: Re: Re: Access-List with Cisco 1720 Router...

    Originally posted by bbtech6650
    access-group 101 in interface s0/0{in/out} is also needed

    access-group 101 in interface s0/0{in/out}
    ..........................^....................... .............that's the "in"
    Last edited by silencio; July 2nd, 2003 at 12:17 PM.
    Deliver me from Swedish furniture!

  11. #11
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    Re: PC Anywhere?

    Hehe. Talk about strategic visual effects. The words PC Anywhere were the first things I saw on their page.

    Originally posted by chucko
    Here's another suggestion....

    Instead of PC Anywhere, why not try GoToMyPC?

    http://www.gotomypc.com

    It works similar to PC Anywhere, but is totally web based (no software to buy or install). Instead, you purchase a subscription for the service. They allow a free trial and you can be up and running in a few minutes.

    The thing that I like best about it is that it is FAST and does not require any manual tweaking of firewall ports or access lists.

    I use it myself and I've recommended it to many of my clients and several of them use it daily.

    Just a thought...
    Deliver me from Swedish furniture!

  12. #12
    Registered User
    Join Date
    May 2000
    Location
    Dover, NH United States
    Posts
    73

    ok, a bit confused now....

    I added.....
    access-list 101 permit tcp any host 192.168.69.10 eq 5631
    access-list 101 permit udp any host 192.168.69.10 eq 5632

    and also added........
    ip access-group 101 in (in serial0)

    That was it correct? Do I need to now make a bridge between Serial0 and FastEthernet0 ??



    access-group 101 in interface s0/0{in/out}
    What is this?? ^ all about? Is this something different from

    (RouterName)(config-if)#ip access-group 101 in

    Sigh....I wonder if Blockbuster is hiring
    Network Administrator
    MCSE
    http://www.dcinh.com

  13. #13
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    Re: ok, a bit confused now....

    Originally posted by Digital_Rick
    I added.....
    access-list 101 permit tcp any host 192.168.69.10 eq 5631
    access-list 101 permit udp any host 192.168.69.10 eq 5632

    and also added........
    ip access-group 101 in (in serial0)

    That was it correct? Do I need to now make a bridge between Serial0 and FastEthernet0 ??



    access-group 101 in interface s0/0{in/out}
    What is this?? ^ all about? Is this something different from

    (RouterName)(config-if)#ip access-group 101 in

    Sigh....I wonder if Blockbuster is hiring
    You don't need the "IP" in front of your statement. It should read:

    access-group 101 in interface serial0

    as long as serial0 is your WAN interface.
    Deliver me from Swedish furniture!
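
The rules discussed above written in Cisco IOS syntax for a router such as the 1720, as an added example that is not part of any post in this thread. Post #4 notes that its `access-group ... in interface ...` commands come from a PIX 6.2(2); on IOS the list is bound with `ip access-group` in interface configuration mode. The server address, ports and interface name are the thread's own; 198.51.100.25 is a constructed placeholder for a known remote-support address.

```cisco
configure terminal
!
! 1) Remove the earlier test entry from post #3. On a numbered IOS ACL,
!    "no access-list 110" (with or without the rest of the line) deletes
!    the whole list 110, not a single entry.
no access-list 110
!
! 2) Inbound filter for the WAN side: only the pcAnywhere ports given in
!    post #4 (TCP 5631, UDP 5632) towards the one server. "log" records
!    matches so connection attempts show up in the router log.
access-list 101 permit tcp any host 192.168.69.10 eq 5631 log
access-list 101 permit udp any host 192.168.69.10 eq 5632 log
!
!    Tighter variant when the remote operators have fixed addresses:
!    replace "any" with the known source (constructed placeholder).
! access-list 101 permit tcp host 198.51.100.25 host 192.168.69.10 eq 5631 log
! access-list 101 permit udp host 198.51.100.25 host 192.168.69.10 eq 5632 log
!
!    Every ACL ends with an implicit "deny ip any any". Once list 101 is
!    applied inbound, everything not permitted above is dropped on that
!    interface, including replies to sessions started from the inside.
!    This entry lets return TCP traffic back in:
access-list 101 permit tcp any any established
!
!    If the router NATs 192.168.69.10 behind a public address, the inbound
!    ACL on the outside interface is checked before translation, so the
!    destination in the entries above must be the public address instead.
!
! 3) Bind the list in interface configuration mode (IOS form).
interface Serial0
 ip access-group 101 in
end
!
! 4) Verify: per-entry match counters, and which ACL the interface uses.
show access-lists 101
show ip interface Serial0
```

The match counters from `show access-lists 101` are the quickest way to tell whether traffic is reaching the list at all or being dropped by the implicit deny.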

  14. #14
    Registered User
    Join Date
    Nov 2000
    Location
    Pittsburgh, PA, USA
    Posts
    239
    I dunno where I was when I made my post....not here, that's for sure
    System Specs

    486DX2
    16MB RAM
    16 MB RAM
    1MB vid RAM
    Windows 3.1

  15. #15
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    Originally posted by bbtech6650
    I dunno where I was when I made my post....not here, that's for sure
    That happens to me aaaaalllllllllll the time.
    Deliver me from Swedish furniture!
