
RV080 access rule / WAN to LAN issues

dkmlhillel
Level 1

Usually, a simple access rule in a Cisco firewall doesn't lead to any major connection issues; however, a customer wanted the small business router RV080 running a replica server on the inside, which requires some connections to a few servers on the outside.

I wanted to limit the access to a LAN address from a single WAN address, for example an NTP connection:

Enable <V> - Action <Allow> - Service <NTP(123)> - Source Interface <WAN1> - Source <91.*.*.*> - Destination <192.*.*.*> - Time <Always>

But in this test (as in any access rule for different services), the client on the WAN side cannot contact the host on the LAN side; the only way I could get it to work was to set up Port Range Forwarding (Setup - Forwarding).

Now it works, with or without any Access Rule - alright, but the downside is that any IP on the WAN is able to contact the LAN address at the specific port/service, not limiting it to the specific WAN address above.

Anyone got some comments/tricks/solution for this?

Thanks,

Mike

1 Reply

Te-Kai Liu
Level 7

When an Access Rule is defined on top of a port forwarding rule (e.g. SSH service), you want to first add a Deny rule to deny all IP addresses coming from the WAN side and then add an Allow rule to allow a specific IP address entering from the WAN side.

Action   Service   Source Interface   Source          Destination
Allow    SSH       WAN1               [specific IP]   [private address]
Deny     SSH       WAN1               Any             [private address]
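As an added illustration (not from either post in the thread), the following Python model compares Mike's single Allow rule on top of a port forward with Te-Kai Liu's Allow-then-Deny layout. It assumes top-down, first-match evaluation and that a forwarding entry alone admits any WAN source when no access rule matches; these are modelling assumptions, as are the placeholder addresses standing in for the redacted 91.*.*.* and 192.*.*.* values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Set

# Constructed model of the RV080 rule set discussed in the thread.
# Assumptions (not documented RV080 behaviour): rules are evaluated
# top-down with first match winning, and a Port Range Forwarding entry
# by itself admits any WAN source to the forwarded port when no access
# rule matches the connection.

@dataclass
class Rule:
    action: str        # "Allow" or "Deny"
    port: int          # service port, e.g. 123 for NTP
    src_iface: str     # "WAN1"
    source: str        # CIDR or "Any"
    destination: str   # CIDR or "Any"

    def matches(self, iface: str, src: str, dst: str, port: int) -> bool:
        def in_scope(spec: str, addr: str) -> bool:
            return spec == "Any" or ip_address(addr) in ip_network(spec, strict=False)
        return (self.src_iface == iface and self.port == port
                and in_scope(self.source, src) and in_scope(self.destination, dst))

def evaluate(rules: List[Rule], forwarded: Set[int],
             iface: str, src: str, dst: str, port: int) -> str:
    """Return 'Allow' or 'Deny' for one WAN-to-LAN connection attempt."""
    for rule in rules:                       # first match wins
        if rule.matches(iface, src, dst, port):
            return rule.action
    # No access rule matched: the forwarding entry alone decides.
    return "Allow" if port in forwarded else "Deny"

# Placeholder addresses for the redacted 91.*.*.* source and 192.*.*.* host.
ALLOW_NTP = Rule("Allow", 123, "WAN1", "91.0.0.0/8", "192.168.1.0/24")
DENY_NTP = Rule("Deny", 123, "WAN1", "Any", "192.168.1.0/24")
FORWARDED = {123}
LAN_HOST = "192.168.1.10"

def original_config(src: str) -> str:
    # Mike's setup: one Allow rule plus the forwarding entry he had to add.
    return evaluate([ALLOW_NTP], FORWARDED, "WAN1", src, LAN_HOST, 123)

def recommended_config(src: str) -> str:
    # Te-Kai Liu's layout: Allow the specific source, then Deny any WAN source.
    return evaluate([ALLOW_NTP, DENY_NTP], FORWARDED, "WAN1", src, LAN_HOST, 123)

if __name__ == "__main__":
    for src in ("91.10.20.30", "203.0.113.5"):
        print(src, "original:", original_config(src), "recommended:", recommended_config(src))
```

With the original layout both sources reach the host, which is the exposure Mike describes; with the explicit Deny in place only the permitted source is allowed.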