Configuring a Cisco Router using Access Lists for use with PCsync

SUMMARY
I'm concerned about using PCsync on my corporate network, and want to understand PCsync's security features. I'm also looking for information about how I can configure my Cisco router to allow PCsync to make secure connections. Can you help me?

CAUSE
See Technical Document 303, Using PCsync in a Secure Environment, for more information.

SOLUTION
Currently there is no proxy or stateful inspection mechanism for PCsync. Access is allowed by opening TCP ports 80, 8080, 8443 and 8444 to specific hosts or the network at the discretion of the security administrator.
For sites using NAT with private address space or NAT with port multiplexing, you will be unable to allow incoming PCsync connections. Sites using NAT and mapping their internal IP addresses to valid public addresses can, if they choose, set up static mappings for particular PCsync hosts to be reached from the outside. See Technical Document 305, How to Surf up to a computer behind a Router or Firewall, for more information.
For demonstration purposes, we will be referencing the private network 192.168.100.0/24 as our internal trusted network with all filtering relative to the public Internet. Implementation is similar for any external network.
For this example, we show how to permit PCsync to the host 192.168.100.45; permitting PCsync to connect to multiple hosts or an entire network is a trivial modification. This does not imply that hosts with private addresses can actually be reached from outside the trusted network, but is a safe example to use.
In privileged exec mode, create the following access-list (or append to an existing access-list) then apply the access-group to the external interface.
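configure terminal
! Permit inbound PCsync on TCP 8080 to the single host 192.168.100.45
access-list 110 permit tcp any host 192.168.100.45 eq 8080
interface ethernet0
 ip address 192.168.100.1 255.255.255.0
 ! Filter traffic arriving on this interface with ACL 110
 ip access-group 110 in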
Follow the same steps for ports 8443 and 8444.
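To check the result of the steps above, the following Python script reads IOS configuration text and reports whether the PCsync ports are permitted only to the intended hosts by an access list that is actually applied inbound. It is an added example, not part of the original article or of PCsync; the function names and the sample configuration are constructed for illustration, and it only understands numbered "access-list N permit tcp SRC DST eq PORT" entries.

```python
import re
from ipaddress import IPv4Address

PCSYNC_PORTS = {80, 8080, 8443, 8444}  # TCP ports named in the article
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"access-list (\d+) permit tcp {ADDR} {ADDR} eq (\d+)$")
APPLY = re.compile(r"ip access-group (\d+) in$")

def covers(dst: str, host: str) -> bool:
    """True if an ACL destination ('any', 'host A', 'net wildcard') matches host."""
    if dst == "any":
        return True
    if dst.startswith("host "):
        return dst[5:] == host
    net, wild = (int(IPv4Address(p)) for p in dst.split())
    return (int(IPv4Address(host)) | wild) == (net | wild)

def audit(config: str, pcsync_hosts: set) -> dict:
    """Summarise inbound PCsync exposure in IOS configuration text."""
    applied, entries = set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := APPLY.match(line):
            applied.add(m.group(1))
        elif (m := ACE.match(line)) and int(m.group(4)) in PCSYNC_PORTS:
            entries.append((m.group(1), m.group(3), int(m.group(4))))
    live = [e for e in entries if e[0] in applied]
    return {
        # ACLs that mention PCsync ports but are bound to no interface
        "unapplied": sorted({acl for acl, _, _ in entries} - applied),
        # permits wider than a single intended PCsync host
        "overbroad": sorted((acl, dst, port) for acl, dst, port in live
                            if dst not in {f"host {h}" for h in pcsync_hosts}),
        # PCsync ports on which an intended host is not permitted
        "blocked": {h: sorted(PCSYNC_PORTS - {p for _, d, p in live if covers(d, h)})
                    for h in sorted(pcsync_hosts)},
    }

# Constructed sample configuration (not from the article)
SAMPLE = """\
access-list 110 permit tcp any host 192.168.100.45 eq 8080
access-list 110 permit tcp any 192.168.100.0 0.0.0.255 eq 8444
access-list 120 permit tcp any host 192.168.100.45 eq 80
interface ethernet0
 ip access-group 110 in
"""

if __name__ == "__main__":
    print(audit(SAMPLE, {"192.168.100.45"}))
```

An extended access list ends with an implicit deny, so any port reported as blocked is dropped once the list is applied to the interface.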