Cisco ASA Configuration Help Required - Security Levels

Basically need a host in a lower level vlan to be able to access a host at the end of a VPN link that is running from another vlan which is at a higher level. Just need to know what config I need to do this. i have attached a diagram to show what I would like to achieve

Current setup of network
Who is Participating?
fgasimzadeConnect With a Mentor Commented:
access-list extended permit tcp  host eq 3277 tcp host eq 3277

Apply this access list to ASA interface with security level 50 (

Do you have any NAT configured on ASA between these interfaces? If yes, you would need an exempt

You would also need to add subnet to the encrypted subnets on VPN device
InteraXConnect With a Mentor Commented:
For this, I've assuming you have the VPN in place. Do you implicitly trust the VPN traffic?

On the firewall closest to the host initiating the traffic, you will need to create an ACE on the interface the traffic arrives on to allow the traffic through.

If you implicitly trust VPN traffic at both ends, that's it. If you don't implicitly trust VPN traffic, you will need to create a matching ACE on the remote firewalls VPN interface.
greentriangleAuthor Commented:
Still looking into...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.