-
July 1st, 2003, 01:53 PM
#1
Access-List with Cisco 1720 Router...
Has anyone programmed a router to allow "any" ip in from the outside to connect to a server running PCAnywhere using the Access-list?
Also anyone remember how to delete these (access-list)?
It has been over a year since I touched this router now they want to get PCAnywhere running
Thanks in advance.....
Rick
Network Administrator
MCSE
http://www.dcinh.com
-
July 1st, 2003, 02:04 PM
#2
Chat Operator
Ya, i remember, what you need to do is created the access list to allow "any" inbound or "255.255.255.255", then apply it to the router interface.
If you need the exact commands, i'll dig them up for tomorow.
<Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
-----------------------
Windows 7 Pro x64
Asus P5QL Deluxe
Intel Q6600
nVidia 8800 GTS 320
6 gigs of Ram
2x60 gig OCZ Vertex SSD (raid 0)
WD Black 750 gig
Antec Tri power 750 Watt PSU
Lots of fans
-
July 1st, 2003, 02:38 PM
#3
Just added this line....
access-list 110 permit ip any host 192.168.69.10 saved config and reloaded. But alas it did not work....Next question, you remember how to delete these...LOL
Thanks again!!
Network Administrator
MCSE
http://www.dcinh.com
-
July 1st, 2003, 02:50 PM
#4
Registered User
Re: Access-List with Cisco 1720 Router...
Originally posted by Digital_Rick
Has anyone programmed a router to allow "any" ip in from the outside to connect to a server running PCAnywhere using the Access-list?
Also anyone remember how to delete these (access-list)?
It has been over a year since I touched this router now they want to get PCAnywhere running
Thanks in advance.....
Rick
You can do it but you're better off configuring a VPN and allowing the connection to come in that way. If you open up a port on the outside interface of the router you expose that port to attack from anyone. In any event, here's the way to create the access list if you do want to expose the network
first the access list:
access-list 101 permit tcp any host 192.168.1.10 eq 5631
access-list 101 permit udp any host 192.168.1.10 eq 5632
then apply the access list to an interface:
access-group 101 in interface s0/0
note that:
1) the tcp and udp ports are based on v10 of pcanywhere, you may have to change them based on version
2) put your internal IP address in for 192.168.1.10
3) the interface in my example in the access-group command is not "named" by the "nameif" command
4) these commands are based on my PIX version 6.2(2) and should match your 1700 if your 1700 is up to date. Cisco has been converging a number of commands across similiar platforms in the name of simplification.
You can give this a shot but like I said before I'd still setup the VPN.
Deliver me from Swedish furniture!
-
July 1st, 2003, 02:52 PM
#5
Registered User
to delete any command just put a "no" in front of it and type it again (or paste it into the command line"
no access-list 101 bla bla
the command does have to be complete though or it won't know which command to delete and throw you an error.
Deliver me from Swedish furniture!
-
July 1st, 2003, 02:55 PM
#6
Registered User
Also note that if you already have an access list you just change the access list number and apply it to the existing access group.
Deliver me from Swedish furniture!
-
July 1st, 2003, 03:22 PM
#7
Thanks silencio !!
That was what I was looking for. I have told them all about the possibilities of hacking. They still wanted it opened. Oh well, live and learn I guess
Thanks again!!!
I'll try to post here when I get it working.
Network Administrator
MCSE
http://www.dcinh.com
-
July 2nd, 2003, 08:46 AM
#8
Re: Re: Access-List with Cisco 1720 Router...
Originally posted by silencio
then apply the access list to an interface:
access-group 101 in interface s0/0
access-group 101 in interface s0/0{in/out} is also needed
System Specs
486DX2
16MB RAM
16 MB RAM
1MB vid RAM
Windows 3.1
-
July 2nd, 2003, 10:20 AM
#9
Registered User
PC Anywhere?
Here's another suggestion....
Instead of PC Anywhere, why not try GoToMyPC?
http://www.gotomypc.com
It works similar to PC Anywhere, but is totally web based (no software to buy or install). Instead, you purchase a subscription for the service. They allow a free trial and you can be up and running in a few minutes.
The things that I like the best about it is that is FAST and does not require any manual tweaking of firewall ports or access lists.
I use it myself and I've recommended it to many of my clients and several of them use it daily.
Just a thought...
-
July 2nd, 2003, 12:14 PM
#10
Registered User
Re: Re: Re: Access-List with Cisco 1720 Router...
Originally posted by bbtech6650
access-group 101 in interface s0/0{in/out} is also needed
access-group 101 in interface s0/0[B]{in/out}
..........................^....................... .............that's the "in"
Last edited by silencio; July 2nd, 2003 at 12:17 PM.
Deliver me from Swedish furniture!
-
July 2nd, 2003, 12:16 PM
#11
Registered User
Re: PC Anywhere?
Hehe. Talk about strategic visual effects. The words PC Anywhere were the first things I saw on their page.
Originally posted by chucko
Here's another suggestion....
Instead of PC Anywhere, why not try GoToMyPC?
http://www.gotomypc.com
It works similar to PC Anywhere, but is totally web based (no software to buy or install). Instead, you purchase a subscription for the service. They allow a free trial and you can be up and running in a few minutes.
The things that I like the best about it is that is FAST and does not require any manual tweaking of firewall ports or access lists.
I use it myself and I've recommended it to many of my clients and several of them use it daily.
Just a thought...
Deliver me from Swedish furniture!
-
July 2nd, 2003, 03:01 PM
#12
ok, a bit confised now....
I added.....
access-list 101 permit tcp any host 192.168.69.10 eq 5631
access-list 101 permit udp any host 192.168.69.10 eq 5632
and also added........
ip access-group 101 in (in serial0)
That was it correct? Do I need to now make a bridge between Serial0 and FastEthernet0 ??
access-group 101 in interface s0/0[B]{in/out}
What is this?? ^ all about? Is this something different from
(RouterName)(config-if)#ip access-group 101 in
Sigh....I wonder if Blockbuster is hiring
Network Administrator
MCSE
http://www.dcinh.com
-
July 2nd, 2003, 04:48 PM
#13
Registered User
Re: ok, a bit confised now....
Originally posted by Digital_Rick
[B]I added.....
access-list 101 permit tcp any host 192.168.69.10 eq 5631
access-list 101 permit udp any host 192.168.69.10 eq 5632
and also added........
ip access-group 101 in (in serial0)
That was it correct? Do I need to now make a bridge between Serial0 and FastEthernet0 ??
access-group 101 in interface s0/0 {in/out}
What is this?? ^ all about? Is this something different from
(RouterName)(config-if)#ip access-group 101 in
Sigh....I wonder if Blockbuster is hiring
You don't need the "IP" in front of your statement. It should read:
access-group 101 in interface serial0
as long as serial0 is your WAN interface.
Deliver me from Swedish furniture!
-
July 2nd, 2003, 08:38 PM
#14
i dunno where i was when i made my post....not here, thats for sure
System Specs
486DX2
16MB RAM
16 MB RAM
1MB vid RAM
Windows 3.1
-
July 2nd, 2003, 09:36 PM
#15
Registered User
Originally posted by bbtech6650
i dunno where i was when i made my post....not here, thats for sure
That happens to me aaaaalllllllllll the time.
Deliver me from Swedish furniture!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks