Backdoor Access To Cisco Devnet Reserved Sandboxes – Windows Portproxy
I recently needed to do a demo of my Cisco ACI Ansible stuff, and unfortunately the always on service was down for maint…NBD I’ll reserve one. “Uhhh you can only get direct access via the anyconnect client…oh no…”
So to get the lab up quick fast I ran the anyconnect client on my workstation, then ran a TCP port map on my machine with the following:
1 | netsh interface portproxy add v4tov4 listenport=443 connectaddress=10.10.20.14 connectport=443 listenaddress=192.168.51.254 protocol=tcp |
The above command will listen on my local 443, then forward it to the remote host through the anyconnect client on 443 also. You can listen on one port and proxy to another, so keep that in mind.
Basic command settings:
1 | netsh interface portproxy add v4tov4 listenport=80 connectaddress=ip-of-server-on-internet connectport=23 listenaddress=ip-of-windows-machine protocol=tcp |
Also, don’t forget to open up your windows firewall for whatever the “listen” port is, otherwise the remote machines won’t be able to connect.
At this point I opened up my ansible tower and adjusted the creds for the ACI server(using the IP address of my workstation as that of the ACI) and awwwwaaaayyyy it went 🙂