VNC to two internal servers through one global ip

Hi all,

I'm running PIX 515 with IOS version 6.3(3). I've two internal servers and I want to use RealVNC to connect to them through one global ip(211.23.x.x) from Internet. Server1 (172.16.30.164) is listening on port 5900 and server2(172.16.30.133) is listening on port 5901.

I added to PIX:

static (inside, outside) tcp 211.23.x.x 5900 172.16.30.164 5900 netmask 255.255.255.255 0 0
static (inside, outside) tcp 211.23.x.x 5901 172.16.30.133 5901 netmask 255.255.255.255 0 0
access-list acl-outside permit tcp any host 211.23.x.x eq 5900
access-list acl-outside permit tcp any host 211.23.x.x eq 5901
access-group acl-outside in interface outside

Then: I could use RealVNC(server:211.23.x.x) to connect to 172.16.30.164 from Internet, BUT I COULDN'T use RealVNC(server:211.23.x.x:1, with display 1) to connect to 172.16.30.133.

But when I was in our office, I could connect to them by server:172.16.30.164 and server:172.16.30.133:1(with display 1)

Can anyone resolve the problem for me?

Michael Shiah

In article , Michael Shiah wrote:
:I'm running PIX 515 with IOS version 6.3(3). I've two internal servers and I

{Minor point for future reference: PIX does not run IOS, it runs an OS named 'Finesse'.}

:want to use RealVNC to connect to them through one global ip(211.23.x.x)
:from Internet. Server1 (172.16.30.164) is listening on port 5900 and
:server2(172.16.30.133) is listening on port 5901.

:I added to PIX:
:static (inside, outside) tcp 211.23.x.x 5900 172.16.30.164 5900 netmask
:255.255.255.255 0 0
:static (inside, outside) tcp 211.23.x.x 5901 172.16.30.133 5901 netmask
:255.255.255.255 0 0

Is 211.23.x.x the outside IP of the PIX itself? If so, then you will need to use

static (inside, outside) tcp interface 5900 172.16.30.164 5900 netmask 255.255.255.255 0 0
static (inside, outside) tcp interface 5901 172.16.30.133 5901 netmask 255.255.255.255 0 0

access-list acl-outside permit tcp any interface outside eq 5900
access-list acl-outside permit tcp any interface outside eq 5901

Also, after you put in a new static PAT entry, if either the inside or outside IP were in active use before, you need to clear xlate as there may have been an active xlate involving either those ports or the entire IP.

Walter Roberson
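
An added example, not written by either poster and not Cisco tooling: a small Python check over static PAT and access-list lines of the form shown in this thread. It reports forwarded ports that have no matching permit and, following the reply's advice, entries that name the PIX's own outside address instead of the interface keyword. GLOBAL_IP is a placeholder for the elided 211.23.x.x address, the function names are made up for this example, and the display-to-port mapping (display N is TCP port 5900+N) is the one the question relies on.

```python
import re

# Constructed sample: the configuration posted in the thread, with the
# elided global address written as the placeholder GLOBAL_IP.
CONFIG = """\
static (inside, outside) tcp GLOBAL_IP 5900 172.16.30.164 5900 netmask 255.255.255.255 0 0
static (inside, outside) tcp GLOBAL_IP 5901 172.16.30.133 5901 netmask 255.255.255.255 0 0
access-list acl-outside permit tcp any host GLOBAL_IP eq 5900
access-list acl-outside permit tcp any host GLOBAL_IP eq 5901
"""

STATIC_RE = re.compile(
    r"^static \(\w+,\s*\w+\) tcp (\S+) (\d+) (\S+) (\d+) netmask \S+")
ACL_RE = re.compile(
    r"^access-list \S+ permit tcp any (?:host (\S+)|interface \w+) eq (\d+)")

def parse(config):
    """Return (statics, acl): {(global, port): (host, port)} and {(global, port)}."""
    statics, acl = {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics[(m.group(1), int(m.group(2)))] = (m.group(3), int(m.group(4)))
        elif m := ACL_RE.match(line):
            acl.add((m.group(1) or "interface", int(m.group(2))))
    return statics, acl

def check(config, pix_outside_ip=None):
    """List forwarded ports with no ACL permit, and entries that name the
    PIX's own outside address instead of the 'interface' keyword."""
    statics, acl = parse(config)
    problems = []
    for glob, port in statics:
        if (glob, port) not in acl:
            problems.append(f"no permit for {glob} port {port}")
        if glob == pix_outside_ip:
            problems.append(f"static for port {port} should use 'interface'")
    for glob, port in sorted(acl):
        if glob == pix_outside_ip:
            problems.append(f"acl for port {port} should use 'interface outside'")
    return problems

def vnc_target(display, statics, glob):
    """Inside (host, port) reached by viewer target glob:display, or None."""
    return statics.get((glob, 5900 + display))
```

Pass the PIX's outside address as pix_outside_ip only when the global address in the statics is that address, which is the condition the reply asks about.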
