Cisco 806 // Connect to SQL Server

[SiJP]

I have a requirement to connect to a remote SQL server from my PC, however, I believe that our Cisco 806 router needs to be configured in order to do so.

Basically, the remote SQL server is set up ok, and I can connect to it from an IP that doesn't sit behind this router (e.g. one in the DMZ).

I have little (i.e. 'no') experience in dealing with cisco routers (or networking come to think of it!), so learning how to open up port 1433 has come as somewhat a little shock.

I've opened a telnet session to our router, and I believe I need to change the access list, but am unsure how to. From the research I've done, is it as simple as doing this(?):

Router#access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 1433

(With this I aim to allow access from my IP to the remote IP on port 1433 only).

- Is this the right command?
- Do I need to type anything else to make this a permanent entry in the ACL?

Thanks in advance.

Network-n00b

------------------------
Hit any User to continue

 

[lgarner]

That's the right command to allow any computer to access a specific host at address xxx.xxx.xxx.xxx via tcp port 1433. Whether that's all you need to type depends on the current configuration of access-list 101, if any. Posting at least the rest of that list would help.

To make it permanent, type "write mem" to write the new configuration to non-volatile memory.

 

[SiJP]

lgarner - thanks for the response. I presume from your comment above about the dependants of the current config, one would be led to thinking access is processed in a heiracle form?

This is the contents of #show access-list 101:

Extended IP access list 101
deny icmp any any (20 matches)
permit tcp host 158.152.173.220 eq telnet host 217.xxx.xxx.181
permit tcp host 158.152.173.220 gt 1023 host 217.xxx.xxx.181 eq telnet
permit tcp any eq

http://www host

217.xxx.xxx.181 gt 1023 (81215 matches)
permit tcp any gt 1023 host 217.xxx.xxx.181 eq

http://www (90

matches)
permit tcp any eq

http://www host

217.xxx.xxx.178 gt 1023
permit tcp any gt 1023 host 217.xxx.xxx.178 eq

http://www (123

matches)
permit tcp any eq 443 host 217.xxx.xxx.181 gt 1023 (2341 matches)
permit tcp any gt 1023 host 217.xxx.xxx.181 eq 443 (2 matches)
permit tcp any gt 1023 host 217.xxx.xxx.181 eq smtp
permit tcp any eq smtp 10.0.0.0 0.255.255.255 gt 1023
permit tcp any eq smtp host 217.xxx.xxx.181 gt 1023 (7949 matches)
permit tcp any eq smtp host 217.xxx.xxx.178 gt 1023
permit tcp any gt 1023 10.0.0.0 0.255.255.255 eq smtp
permit tcp any gt 1023 host 217.xxx.xxx.178 eq smtp (17407 matches)
permit tcp any gt 1023 host 217.xxx.xxx.181 gt 1023 (21241 matches)
permit udp any gt 1023 host 217.xxx.xxx.181 gt 1023 (91 matches)
permit udp any eq domain host 217.xxx.xxx.181 (2646 matches)
permit tcp any eq domain host 217.xxx.xxx.181 (957 matches)
permit tcp any eq ftp host 217.xxx.xxx.181 gt 1023
permit tcp any eq ftp-data host 217.xxx.xxx.181 gt 1023
permit tcp any eq pop3 host 217.xxx.xxx.181 gt 1023
permit tcp any gt 1023 host 217.xxx.xxx.181 eq pop3
permit tcp any eq pop3 10.0.0.0 0.255.255.255 gt 1023
permit tcp any eq pop3 host 217.xxx.xxx.178 gt 1023
permit tcp any gt 1023 host 217.xxx.xxx.178 eq pop3
permit tcp any gt 1023 host 217.xxx.xxx.181 eq 3389
permit tcp any gt 1023 host 217.xxx.xxx.178 eq 3389 (5 matches)
permit tcp any eq 3389 10.0.0.0 0.255.255.255 gt 1023
permit tcp any eq nntp 10.0.0.0 0.255.255.255 gt 1023
permit gre any host 217.xxx.xxx.178 (2236 matches)
permit tcp any eq 1723 host 217.xxx.xxx.178 gt 1023
permit tcp any gt 1023 host 217.xxx.xxx.178 eq 1723 (500 matches)
deny ip any any (660 matches)

------------------------
Hit any User to continue