Cisco RV320 ACLs not working

mangyDOG

Hi all,
I was hoping to get some help configuring a Cisco RV320 router. The RV320 is at a remote location. I want to configure a port forward for remote desktop from my public static IP address through the RV320 to a server on the RV320's internal LAN.

I have set up port forwarding on the RV320 for port 3389 to 192.168.0.1 (the internal server) and this works, but it opens the port to everyone on the internet.

I created an access rule in the firewall section of the RV320 which is:

Action = Allow
Service = 3389
Source interface = WAN1 (also tried the ANY option)
Source = 123.123.123.123 (my "public" static IP address)
Destination = 192.168.0.1 (the internal server)
Time = always.

I hoped this would restrict port 3389 traffic to just my IP address but it had no effect.

I then left the firewall rule in place and removed the port forward rule. This then blocked all port 3389 traffic to the internal server.

My question is this: Is there any way on an RV320 router to allow access from a single external IP address through the router to an internal address and block all other external connections?

Thanks for any help!
Cheers,
mangyDOG
 
So you need to also have a Deny rule denying traffic to all other IPs. Then you have to order the rules (I forgot exactly which order) for all traffic to be denied except your one allow rule. Hope this helps! Post back with any updates. :)
 
:eek: It works! The Cisco firewall rules are nuts! Thanks Samir!

I never considered doing this because the access rules page has a default rule to Deny all traffic from WAN1 to any destination. It appears that even though the default rules are listed, they have no effect on the port forwarding rules. Previously I have used Netgear routers where you had to enable port forwarding and then enable a single allow rule in the firewall. With the Cisco you have to manually create both an allow rule and a deny rule:

Priority 1, Allow, 3389, WAN1, source=123.123.123.123, destination=192.168.0.1, always
Priority 2, Deny, 3389, WAN2, source=any, destination=192.168.0.1, always.

Many Thanks,
Cheers,
mangyDOG.
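
An added example, not part of any post in this thread and not Cisco code: a small audit that checks whether each port forward is limited to one trusted source by explicit rules, since the thread reports that the listed default deny does not cover forwarded ports. The rule format, the first-match-by-priority evaluation, the `ANY` interface keyword and the use of WAN1 on both rules are assumptions made for the example.

```python
import ipaddress

# Constructed tables modelled on the thread; not an RV320 export format.
FORWARDS = [{"iface": "WAN1", "port": 3389, "to": "192.168.0.1"}]
ALLOW = {"prio": 1, "action": "allow", "port": 3389, "iface": "WAN1",
         "src": "123.123.123.123/32", "dst": "192.168.0.1"}
# Assumption: the deny rule is bound to the same interface as the forward.
DENY = {"prio": 2, "action": "deny", "port": 3389, "iface": "WAN1",
        "src": "0.0.0.0/0", "dst": "192.168.0.1"}

def first_match(rules, iface, src, dst, port):
    """Action of the first matching rule in priority order, or None."""
    for r in sorted(rules, key=lambda r: r["prio"]):
        if (r["port"] == port and r["dst"] == dst
                and r["iface"] in (iface, "ANY")
                and ipaddress.ip_address(src) in ipaddress.ip_network(r["src"])):
            return r["action"]
    return None  # no explicit rule matched

def audit(forwards, rules, trusted, probe="198.51.100.7"):
    """Flag forwards whose explicit rules do not limit access to `trusted`.

    `probe` is a documentation-range address standing in for any other host.
    """
    findings = []
    for f in forwards:
        where = f"{f['iface']}:{f['port']} -> {f['to']}"
        if first_match(rules, f["iface"], trusted, f["to"], f["port"]) != "allow":
            findings.append(f"{where}: trusted source is not allowed")
        # Per the thread, the listed default deny does not cover forwarded
        # ports, so anything short of an explicit deny counts as exposed.
        if first_match(rules, f["iface"], probe, f["to"], f["port"]) != "deny":
            findings.append(f"{where}: other sources are not explicitly denied")
    return findings

if __name__ == "__main__":
    for name, rules in [("allow only", [ALLOW]), ("allow + deny", [ALLOW, DENY])]:
        print(name, audit(FORWARDS, rules, "123.123.123.123") or "OK")
```

Swapping the two priorities makes the audit report that the trusted source is blocked, which is why the rule order matters.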
 