Cisco Small Business RV345P port forwarding and firewall

MikeyD1973
Level 1

I'd like to do the following on an RV345P.

 

Allow access from external IP address x.x.x.x only on port 50443 which is NAT'd/port forwarded to port 443 on internal IP address 192.168.1.250

 

I can see how to do this in port forwarding but creating the rule opens traffic from any external IP address.  Do I need an access rule also?

 

Many thanks in advance.


balaji.bandi
Hall of Fame

MikeyD1973
Level 1

Thanks @bb - but that would allow access from any external IP address - I want to limit access to a specific IP address.

balaji.bandi
Hall of Fame

The example is to get information, since most of the config is done on the GUI only on RV series models.

Yes, the same way, make a rule: source x.x.x.x (50443) to destination 192.168.1.250 (443).

Is x.x.x.x already routed to you from your provider?

 

BB


Hi @bb 

 

I want to allow access from IP address x.x.x.x only (my work address) to y.y.y.y which is the external address of my RV345P, on port 50443 which is NAT'd/port forwarded to port 443 on internal IP address 192.168.1.250

 

 

Hello,

 

I think what you need is an access rule. The problem is that the RV345 is not a full IOS router, so I am not sure you can apply an access list in the traditional way to the outside (WAN) interface. Have a look at the example below. If the source is the IP address of your home router, and the destination either the IP address of your WAN interface, or 'any', this might work...

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5491-configure-access-rules-on-an-rv34x-series-router.html 

Thanks @Georg Pauwen 

 

I think the access would work but there's no way to change the port from 50443 to 443 in an access list.

 

Hello Mikey,

 

Unfortunately, you can't filter a specific external public address with the RV340 access rule, nor can you do port forwarding with a specific external IP address.

 

Regards,

Martin

 

Hello,

 

I think it would work if you just block the outside port, that is what you are connecting to anyway. The access list does not need to know about the inside port, as this is just happening internally.

MikeyD1973
Level 1

Thanks all - I'll have to stick with standard ports and restrict access to my work IP address using access rules instead of port forwarding.

SteveC67771
Level 1

Hi, I've got an RV260 and have set up what I think you are describing, but I'm not sure if they run the same firmware. This is how I'd set up your config on mine:

 

Set up in Service Management

svc_50443 for port 50443

svc_00443 for port 443

 

Port Forwarding

External Service = svc_50443

Internal Service = svc_00443

Internal IP = 192.168.1.250

Interfaces = WAN

 

That config should allow you to come in from anywhere on the Internet via public.ip:50443 and it will pass through to 192.168.1.250:443 so you now need to set up the access rules otherwise it's open.

 

Access Rules

Allow / svc_00443 / WAN / [Your work IP] / VLAN1 / Any

Deny / All Traffic / WAN / ANY / VLAN1 / Any

 

On the RV260 there seems to be a significant issue if you think you can add an ACL to limit it to certain public IP addresses. The Port Forwarding rule defaults to, and opens up, VLAN1 whereas the built-in DENY ALL only blocks to VLAN.

 

https://community.cisco.com/t5/small-business-routers/rv260-port-forwarding-overrides-access-rules/m-p/4307291

Many thanks @SteveC67771
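
The rule ordering in SteveC67771's RV260 configuration, modelled as an added example that is not part of any post in this thread and is not Cisco code. It assumes the router applies the port forward first, then checks access rules top-down (first match wins) against the translated port, and lets forwarded traffic through when no rule matches; the addresses standing in for x.x.x.x and y.y.y.y are constructed documentation values.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst_ip: str
    dst_port: int

class Forward(NamedTuple):        # one Port Forwarding row
    ext_port: int
    int_ip: str
    int_port: int

class Rule(NamedTuple):           # one Access Rules row
    action: str                   # "allow" or "deny"
    port: Optional[int]           # None means All Traffic
    source: str                   # CIDR, "0.0.0.0/0" means Any

WAN_IP = "198.51.100.10"          # constructed stand-in for y.y.y.y
WORK_IP = "203.0.113.7"           # constructed stand-in for x.x.x.x

FORWARDS = [Forward(50443, "192.168.1.250", 443)]
RULES = [Rule("allow", 443, WORK_IP + "/32"),   # Allow / svc_00443 / work IP
         Rule("deny", None, "0.0.0.0/0")]       # Deny / All Traffic / ANY

def translate(pkt, forwards):
    """Apply the port forward; None if nothing forwards this packet inward."""
    for f in forwards:
        if pkt.dst_ip == WAN_IP and pkt.dst_port == f.ext_port:
            return pkt._replace(dst_ip=f.int_ip, dst_port=f.int_port)
    return None

def verdict(pkt, forwards, rules):
    """Assumed order: translate first, then first matching access rule wins."""
    inner = translate(pkt, forwards)
    if inner is None:
        return "deny"             # no forward, so nothing reaches the LAN host
    for r in rules:
        port_ok = r.port is None or r.port == inner.dst_port
        if port_ok and ip_address(inner.src) in ip_network(r.source):
            return r.action
    return "allow"                # forward with no matching rule stays open

def open_to_internet(forwards, rules, outsider="192.0.2.99"):
    """Audit check: forwards an arbitrary outside address can still reach."""
    return [f for f in forwards
            if verdict(Packet(outsider, WAN_IP, f.ext_port), forwards, rules) == "allow"]
```

Under this assumed ordering, an allow rule written against port 50443 never matches the translated packet, so the work address falls through to the deny rule.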