
Remote access from internet on MSR1003-8 router

 
grecuc
Occasional Contributor

Hello,

Please help me with the following problem. I have an MSR1003-8 router.
I'm used to iptables, so this is new to me and I cannot figure it out.
Can someone please give an example of how to allow access from an external IP to a local IP on some ports? For example:

External IP:      201.201.201.201

Local IP:            192.168.100.34

Ports:                 502 and 3389

Any help would be greatly appreciated

 

Best regards

 

 

3 REPLIES
grecuc
Occasional Contributor

Re: Remote access from internet on MSR1003-8 router

Still no reply :( 

 

Any help would be greatly appreciated

 

Best regards

grecuc
Occasional Contributor

Re: Remote access from internet on MSR1003-8 router

 

I have a test network set up here.

Here is the test configuration:

 

LAN:                                 192.168.100.0 /24

WAN:                               192.168.10.21/32

Remote user IP:          192.168.10.58

 

 

I have set up a static NAT via CLI:

 

-nat static   3970   192.168.100.123   192.168.10.21

 

 

The ACL 3970 contains:

 

-1       permit ip source 192.168.10.0     0.0.0.255

-10    deny ip

 

With this configuration I can connect normally from 192.168.10.0 /24. The problem is that anyone from the subnet "192.168.10.0 / 0.0.0.255" can also connect. What I want is that someone is allowed to connect only from a specific IP, like 192.168.10.58 0.0.0.0

 

If I change the ACL rule to a specific IP, the connection fails:

-1       permit ip source 192.168.10.58     0.0.0.0

-10    deny ip

 

How do I set up an ACL so that a single remote IP is allowed?

 

Any help would be greatly appreciated

 

Best regards

mertdemi
Advisor

Re: Remote access from internet on MSR1003-8 router

Hi Grecuc

 

Here is a sample config

 

interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 192.168.10.21 255.255.255.0
 nat server protocol tcp global 192.168.10.21 23 inside 192.168.100.2 23 acl 3001
 nat server protocol tcp global 192.168.10.21 1490 inside 192.168.100.2 1490

 

acl number 3001
 rule 0 permit ip source 192.168.10.58 0
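
An added example, not part of any post in this thread: a small Python checker that lists which source addresses a wildcard-mask rule set permits, run over the thread's two ACLs transcribed into `rule N ...` form. It assumes rules are evaluated in ascending rule ID and handles only the `ip source <addr> <wildcard>` clause; the function names are illustrative.

```python
import ipaddress
import re

# Supported (simplified) form: rule <id> permit|deny ip [source <addr> <wildcard>]
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"(?:\s+source\s+(?P<addr>\S+)\s+(?P<wild>\S+))?\s*$"
)

def _to_int(text):
    # "0" is the shorthand for wildcard 0.0.0.0 used in the sample config
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        if m["addr"] is None:
            addr, wild = 0, 0xFFFFFFFF  # no source clause: matches any source
        else:
            addr, wild = _to_int(m["addr"]), _to_int(m["wild"])
        rules.append((int(m["id"]), m["action"], addr, wild))
    return sorted(rules)  # assumption: ascending rule ID, first match wins

def evaluate(rules, src):
    ip = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action, rule_id
    return None, None  # no rule matched

def permitted_sources(rules, network):
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if evaluate(rules, str(h))[0] == "permit"]

# Constructed transcriptions of the ACLs quoted in the thread
ACL_3970 = """
rule 1 permit ip source 192.168.10.0 0.0.0.255
rule 10 deny ip
"""
ACL_3001 = """
rule 0 permit ip source 192.168.10.58 0
"""
```

`permitted_sources(parse_acl(ACL_3970), "192.168.10.0/24")` returns all 254 hosts of the subnet, while the same call with `ACL_3001` returns only `192.168.10.58`.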