cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

173
Views
0
Helpful
3
Replies
ReedMikel
Beginner

RVxxx routers: How do Access Rules and Port Forwarding rules interact?

Hi,

I've got a RV260P router and I'm trying to understand how the Access Rules (under Firewall) interact (or don't) with Port Forwarding rules?  e.g. let's say I defined a Port Forwarding rule to forward external port 3389 (from WAN) to internal port 3389 on LAN.  What happens when a packet comes into WAN with port 3389 as dest?  Is that packet first processed thru the Access Rules table, or does it bypass Access Rules and get forwarded immediately?  I'm trying to be able to restrict many of my Port Forwarding rules so that they only get forwarded if the source IP is within an IP range that I know/trust.  I would think I might have to create 2 rules: first Allows 3389 if IP is within a range.  Second rule would be a DENY for WAN traffic, DST=3389 any DST IP.

Or am I going about this the wrong way?

Any good Cisco docs on how these Firewall features interact with one another?

 

TIA,

Mike

3 REPLIES 3
balaji.bandi
VIP Expert

Order of operation is PAT and Access Policy.

First rule should be PAT

Seconds rule allow source IP port - destination IP Port allow.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Hmmm, what is PAT?  I’m guessing it means Port Forwarding?  If that’s correct, you’re saying to create a Port Forwarding rule.  Then create an Access Rule that Allows this same port coming in on WAN - IF the SRC IP meets my criteria.  Do I also create a 2nd Access Rule that Denies this same port for Any SRC IP?

balaji.bandi
VIP Expert

yes PAT(port-forward) yes create port-forward and allow ACL, if you Acess rule deny any should cover default.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

This widget could not be displayed.