ASA 5500

Posted on 2016-10-20
Last Modified: 2016-11-08
I have a site to site vpn connection.   I'm using an ASA 5500 the customer is claiming that he needs tcp 7979 open from a specific bunch of IP's to an entire subnet.  I have the internal IPs in a group.  How can I configure them to use port 7979 which I don't believe is blocked.  I'm trying to do this via ADSM
Question by:WellingtonIS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 14

Accepted Solution

SIM50 earned 500 total points (awarded by participants)
ID: 41852136
If you have the command configured "sysopt connection permit-vpn" than you are allowing the whole IP stack through the VPN tunnels. If you don't, modify ACL applied to outside interface to allow tcp/7979 to w/e network needed.

Author Comment

ID: 41852144
What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.
LVL 14

Expert Comment

ID: 41852155
If you have "sysopt connection permit-vpn" configured, it bypasses configured ACLs.

What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.

You shouldn't create a brand new ACL. You should add those lines to the existing ACL applied to the outside interface. The ACL doesn't take effect until it is applied to an interface. If you would apply your new ACL to outside interface, it would break you current traffic.
LVL 14

Expert Comment

ID: 41878460

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question