	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

10/22/2009 at 07:11AM PDT, ID: 24834567

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

4.6

VNC through ASA 5520

Asked by hoshie329 in VNC Remote Access Software, Cisco PIX Firewall

Tags: VNC, ASA

I am trying to allow VNC through my ASA,

i have a policy that allows traffic full access to both the local and remote networks.

everytime i try to vnc to one of the machines i get the following error

6 Oct 22 2009 08:54:58 109025 10.165.165.238 4663 10.165.180.20 5900 Authorization denied (acl=Texas_Users) for user '<unknown>' from 10.165.165.238/4663 to 10.165.180.20/5900 on interface Inside using TCP

if i change the ACE to IP instead of TCP/5900 it works, But my boss want it more restricted

i have the access list attached

View the Solution FREE for 30 Days

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:

           
           
             access-list ibttxspartner_splitTunnelAcl standard permit vlan165 255.255.255.0 
access-list ibttxspartner_splitTunnelAcl remark Permits access to the network server, restrictions applied by group policy Texas_Users
 
access-list Texas_Users extended permit icmp any any echo 
access-list Texas_Users extended permit icmp any any echo-reply 
access-list Texas_Users extended permit icmp any any traceroute 
access-list Texas_Users extended permit icmp any any time-exceeded 
access-list Texas_Users extended permit icmp any any unreachable 
access-list Texas_Users extended permit object-group TCPUDP 10.165.180.0 255.255.255.0 vlan165 255.255.255.0 eq 5900 
access-list Texas_Users extended permit object-group DM_INLINE_SERVICE_1 10.165.180.0 255.255.255.0 vlan165 255.255.255.0 
access-list Texas_Users remark HTTP
access-list Texas_Users extended permit tcp vlan165 255.255.255.0 10.165.180.0 255.255.255.0 eq www 
access-list Texas_Users remark HTTPS
access-list Texas_Users extended permit tcp vlan165 255.255.255.0 10.165.180.0 255.255.255.0 eq https 
access-list Texas_Users remark FTP Access
access-list Texas_Users extended permit tcp 10.165.180.0 255.255.255.0 host 10.165.165.98 eq ftp 
access-list Texas_Users remark Ftp Access
access-list Texas_Users extended permit tcp 10.165.180.0 255.255.255.0 host 10.165.165.98 eq ftp-data 
access-list Texas_Users extended permit tcp host 10.165.165.98 10.165.180.0 255.255.255.0 eq ftp 
access-list Texas_Users extended permit tcp host 10.165.165.98 10.165.180.0 255.255.255.0 eq ftp-data 
access-list Texas_Users remark SNF .47 Access
access-list Texas_Users extended permit ip 10.165.180.0 255.255.255.0 host 10.165.165.47 
access-list Texas_Users remark Snf .48 Access
access-list Texas_Users extended permit ip 10.165.180.0 255.255.255.0 host 10.165.165.48 
access-list Texas_Users remark SNF .49 Access
access-list Texas_Users extended permit ip 10.165.180.0 255.255.255.0 host 10.165.165.49 
access-list Texas_Users extended deny ip any any

           
         

20091111-EE-VQP-91 - Hierarchy / EE_QW_3_20080625

1. ai_ja_nai17,200
2. rindi15,100
3. Kechka9,675
4. zepar3036,000
4. sykojester6,000
6. fosiul015,000
7. artoaperjan4,884
8. JFrederic...4,500
9. dstewartjr4,490
10. jhyiesla4,100
11. RobWill4,000
11. strung4,000
11. farazhkhan4,000
14. SysExpert3,750
15. woolmilkp...3,000
15. uetian17073,000
15. KeremE3,000
15. hmare3,000
19. The_Com...2,892
20. bignewf2,798
21. oBdA2,750
22. MikeKane2,550
23. aleinss2,500
23. lrmoore2,500
23. gheist2,500
23. noci2,500
23. mwecom...2,500
23. nabeelmoidu2,500

1. RobWill30,048
2. rindi28,164
3. ai_ja_nai19,900
4. Barthax19,702
5. eoinosullivan13,150
6. SysExpert10,750
7. askrabbit10,179
8. Kechka9,675
9. strung7,664
10. KCTS7,547
11. fosiul017,504
12. lrmoore7,000
13. tsmvp6,104
14. Qlemo6,050
15. zepar3036,000
15. sykojester6,000
17. top_rung5,900
18. MikeKane5,750
19. Capt_Jack5,475
20. uetian17075,375
21. tigermatt5,180
22. aleinss4,900
23. artoaperjan4,884
24. jhyiesla4,850
25. nodramas4,672

VNC through ASA 5520

Asked by hoshie329 in VNC Remote Access Software, Cisco PIX Firewall

Tags: VNC, ASA

About this solution