ASA 5500

Posted on 2016-10-20
Last Modified: 2016-11-08
I have a site to site vpn connection.   I'm using an ASA 5500 the customer is claiming that he needs tcp 7979 open from a specific bunch of IP's to an entire subnet.  I have the internal IPs in a group.  How can I configure them to use port 7979 which I don't believe is blocked.  I'm trying to do this via ADSM
Question by:WellingtonIS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 14

Accepted Solution

SIM50 earned 500 total points (awarded by participants)
ID: 41852136
If you have the command configured "sysopt connection permit-vpn" than you are allowing the whole IP stack through the VPN tunnels. If you don't, modify ACL applied to outside interface to allow tcp/7979 to w/e network needed.

Author Comment

ID: 41852144
What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.
LVL 14

Expert Comment

ID: 41852155
If you have "sysopt connection permit-vpn" configured, it bypasses configured ACLs.

What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.

You shouldn't create a brand new ACL. You should add those lines to the existing ACL applied to the outside interface. The ACL doesn't take effect until it is applied to an interface. If you would apply your new ACL to outside interface, it would break you current traffic.
LVL 14

Expert Comment

ID: 41878460

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ARP not working as expected 11 80
DHCP default-router command 1 32
VoIP Polycom Phones not working 30 71
pfsense upgrade from 2.2.6 to 2.3.3 28 90
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question