Solved

ASA 5500

Posted on 2016-10-20
Last Modified: 2016-11-08
I have a site-to-site VPN connection. I'm using an ASA 5500. The customer is claiming that he needs TCP 7979 open from a specific bunch of IPs to an entire subnet. I have the internal IPs in a group. How can I configure them to use port 7979, which I don't believe is blocked? I'm trying to do this via ASDM.
Question by:WellingtonIS

Accepted Solution

by: SIM50 earned 500 total points (awarded by participants)
If you have the command "sysopt connection permit-vpn" configured, then you are allowing the whole IP stack through the VPN tunnels. If you don't, modify the ACL applied to the outside interface to allow tcp/7979 to whatever network is needed.

Author Comment

by:WellingtonIS
What I did was add the service with all the TCP ports they needed, including 7979, and created an ACL with the required port. Which is what I think you're saying.

Expert Comment

by:SIM50
If you have "sysopt connection permit-vpn" configured, it bypasses configured ACLs.

> What I did was add the service with all the TCP ports they needed, including 7979, and created an ACL with the required port. Which is what I think you're saying.

You shouldn't create a brand new ACL. You should add those lines to the existing ACL applied to the outside interface. The ACL doesn't take effect until it is applied to an interface. If you applied your new ACL to the outside interface, it would break your current traffic.

Expert Comment

by:SIM50
Solution.
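
The check and change described in the accepted solution and the follow-up comment, written out as ASA CLI (an added example, not part of the original thread). The ACL name OUTSIDE_IN, the object-group CUSTOMER_HOSTS, the host addresses and the 192.168.10.0/24 subnet are constructed placeholders, and the example assumes the group holds the source hosts.

```cisco
! Constructed example: OUTSIDE_IN, CUSTOMER_HOSTS and all addresses are placeholders.
!
! 1. Check whether tunnel traffic bypasses interface ACLs.
!    "all" also prints settings that are still at their default value.
show running-config all sysopt | include permit-vpn
!    sysopt connection permit-vpn     -> interface ACLs are bypassed for VPN traffic
!    no sysopt connection permit-vpn  -> the outside ACL is evaluated, continue below
!
! 2. Find the ACL that is already applied to the outside interface.
show running-config access-group
!    e.g.  access-group OUTSIDE_IN in interface outside
!
! 3. Review its current entries and line numbers before changing anything.
show access-list OUTSIDE_IN
!
! 4. Add the new entry to that same ACL instead of binding a new one.
!    Only one ACL per direction can be applied to an interface, so a new
!    access-group would replace the rules that current traffic depends on.
configure terminal
 object-group network CUSTOMER_HOSTS
  network-object host 203.0.113.10
  network-object host 203.0.113.11
 access-list OUTSIDE_IN extended permit tcp object-group CUSTOMER_HOSTS 192.168.10.0 255.255.255.0 eq 7979
 end
!    New entries are appended at the end. If an earlier deny would match first,
!    insert at a specific position with the "line <n>" keyword instead.
!
! 5. Confirm the entry exists and watch its hit counter while the customer tests.
show access-list OUTSIDE_IN | include 7979
```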