Cisco 827 Wildcards

Discussion in 'Cisco' started by paulcd, Apr 23, 2008.

  1. paulcd

    I have a customer who is connecting remotely using VNC to a computer inside an office network that has a Cisco 827 connecting to the Internet. Previously the remote PC had a static IP address and I was using the following syntax to restrict access to this address:

    access-list 101 permit tcp host 1.2.3.4 host 4.5.6.7 eq 5900

    where 1.2.3.4 is the remote static IP and 4.5.6.7 is the Cisco static IP and port 5900 is for VNC. I have another entry earlier to pinhole 5900 as follows:

    ip nat inside source static tcp 192.168.1.6 5900 4.5.6.7 5900 extendable

    where 192.168.1.6 is the VNC host PC inside the office network.

    The customer is now using a 3G card which can't get a static address. However, the IP they get assigned is within an IP address range such that the first 2 octets are the same, i.e. 1.2.33.44 or 1.2.55.66. I entered the following line into the Cisco box but it isn't allowing access.

    access-list 101 permit tcp host 1.2.0.0 host 4.5.6.7 eq 5900

    I figured the .0.0 should allow access to anyone connecting from 1.2.x.y. Can anyone please enlighten me on how to make this work?
     
    paulcd, Apr 23, 2008
    #1

  2. paulcd

    I have found a solution (it works):

    access-list 101 permit tcp host 1.2.3.4 host 4.5.6.7 eq 5900

    becomes

    access-list 101 permit tcp 1.2.0.0 0.0.255.255 host 4.5.6.7 eq 5900
     
    paulcd, Apr 25, 2008
    #2
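
Why the `host 1.2.0.0` entry matched nothing useful and the wildcard form works, as an added example that is not part of the original posts: a small Python model of how the source field of an extended access-list entry is compared against a packet's source address, plus a count of how many source addresses each entry admits to port 5900. The function names are hypothetical, and the model covers only the source field of entries shaped like the ones in this thread.

```python
import ipaddress

def parse_source(entry):
    """Return (base, wildcard) as ints for the source field of an
    'access-list <n> permit <proto> <source> <dest> ...' line."""
    tok = entry.split()
    if tok[0] != "access-list" or len(tok) < 6:
        raise ValueError("not an extended access-list entry")
    src = tok[4:]                      # tokens after the protocol
    if src[0] == "any":
        return 0, 0xFFFFFFFF
    if src[0] == "host":               # host A.B.C.D == A.B.C.D 0.0.0.0
        return int(ipaddress.IPv4Address(src[1])), 0
    return (int(ipaddress.IPv4Address(src[0])),
            int(ipaddress.IPv4Address(src[1])))

def source_matches(entry, addr):
    """A wildcard bit of 1 means "don't care"; 0 bits must equal the base."""
    base, wild = parse_source(entry)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def sources_permitted(entry):
    """Number of distinct source addresses the entry matches."""
    _, wild = parse_source(entry)
    return 1 << bin(wild).count("1")

# The two entries from the thread (addresses are the thread's placeholders).
HOST_ENTRY = "access-list 101 permit tcp host 1.2.0.0 host 4.5.6.7 eq 5900"
WILD_ENTRY = "access-list 101 permit tcp 1.2.0.0 0.0.255.255 host 4.5.6.7 eq 5900"

if __name__ == "__main__":
    for entry in (HOST_ENTRY, WILD_ENTRY):
        print(entry)
        for addr in ("1.2.0.0", "1.2.33.44", "1.2.55.66", "1.3.0.1"):
            verdict = "match" if source_matches(entry, addr) else "no match"
            print(f"  {addr:<10} {verdict}")
        print(f"  source addresses permitted: {sources_permitted(entry)}")
```

The wildcard entry admits 65,536 source addresses to the VNC port where the original static entry admitted one, so the strength of the VNC authentication itself matters more after this change.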