Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ASA 5500

Posted on 2016-10-20
4
Medium Priority
?
38 Views
Last Modified: 2016-11-08
I have a site to site vpn connection.   I'm using an ASA 5500 the customer is claiming that he needs tcp 7979 open from a specific bunch of IP's to an entire subnet.  I have the internal IPs in a group.  How can I configure them to use port 7979 which I don't believe is blocked.  I'm trying to do this via ADSM
0
Comment
Question by:WellingtonIS
  • 3
4 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 2000 total points (awarded by participants)
ID: 41852136
If you have the command configured "sysopt connection permit-vpn" than you are allowing the whole IP stack through the VPN tunnels. If you don't, modify ACL applied to outside interface to allow tcp/7979 to w/e network needed.
0
 

Author Comment

by:WellingtonIS
ID: 41852144
What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41852155
If you have "sysopt connection permit-vpn" configured, it bypasses configured ACLs.

What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.

You shouldn't create a brand new ACL. You should add those lines to the existing ACL applied to the outside interface. The ACL doesn't take effect until it is applied to an interface. If you would apply your new ACL to outside interface, it would break you current traffic.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41878460
Solution.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question