How to open ports on Cisco ASA from off site through VPN connection

I have an ASA setup and when I am off-site and I connect to the ASA via Cisco VPN Client, I cannot connect to certain software packages that require connections using specific ports, plus if I run a tracert, I get no response at each hop, just the ip I am running the tracert on. Is there some setting I need to enter on the ASA to allow me to setup VPN so that anyone off-site can run run all software package like they were on-site and that I can get responses from all hops via a tracert command?
Who is Participating?
Svet PaperovIT ManagerCommented:
Ones the VPN connection is established there are two possibilities: either the whole traffic is tunnelled through the VPN (including the Internet one) or only a specified traffic is tunnelled, if split-tunnel and split-dns are configured for the VPN tunnel (on ASA site). In both cases the communication on all TCP and UDP ports to a tunnelled IP address goes through the VPN – that means, there is no need to open additional port on the firewall.

If you are doing tracert to an internal IP address through the VPN, you will not see any internet hop, again, because the traffic is tunnelled.

May be the only missing command on ASA is: same-security-traffic permit intra-interface
Is the traffic routed on the main site? Then you will have problems if you have not created NAT rules for the traffic. Can you help us out with a description of the following:
From IP (VPN assigned):?
To IP (server):
Running config from the ASA:
Greg27Author Commented:
Thanks for the help guys. I no longer have access to the firewall, so I cannot go any furhter with this issue, but I wanted to reward you both for the help. I am just not adding it to the knowledge base.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.