• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 43
  • Last Modified:

ASA 5500

I have a site to site vpn connection.   I'm using an ASA 5500 the customer is claiming that he needs tcp 7979 open from a specific bunch of IP's to an entire subnet.  I have the internal IPs in a group.  How can I configure them to use port 7979 which I don't believe is blocked.  I'm trying to do this via ADSM
0
WellingtonIS
Asked:
WellingtonIS
  • 3
1 Solution
 
SIM50Commented:
If you have the command configured "sysopt connection permit-vpn" than you are allowing the whole IP stack through the VPN tunnels. If you don't, modify ACL applied to outside interface to allow tcp/7979 to w/e network needed.
0
 
WellingtonISAuthor Commented:
What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.
0
 
SIM50Commented:
If you have "sysopt connection permit-vpn" configured, it bypasses configured ACLs.

What I did was add the service with all the tcp ports they needed including 7979 and created an ACL with the required port.  Which is what I think you're saying.

You shouldn't create a brand new ACL. You should add those lines to the existing ACL applied to the outside interface. The ACL doesn't take effect until it is applied to an interface. If you would apply your new ACL to outside interface, it would break you current traffic.
0
 
SIM50Commented:
Solution.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now