Have problem on VPN

Unanswered Question
Oct 18th, 2007

Dear All ,


Please help me to solve this problem. I have an ASA 5520 and a 5505. On the ASA 5505 connection I want to allow some ports, like ports 80, 3900 and 5900, and deny the other ports.

But when I allow these ports the VPN connection does not work. I don't know why there is a problem. These are the commands that I configured on the ASA 5505:

access-list outside extended permit icmp any any

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list 170 extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list 170 deny ip any any

access-list 170 deny udp any any

access-list 170 deny tcp any any


access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list VPN extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list VPN deny ip any any

access-list VPN deny udp any any

access-list VPN deny tcp any any


Best Regards,

ganpatspatil Thu, 10/18/2007 - 05:44

Hi Recherd,


Can you please tell me which VPN type you are using?


Maybe the ports you are blocking are in the range of those that are used to build the VPN.



rechard_david Thu, 10/18/2007 - 18:06

Dear Sir,


Thank you for your email.

I used the LAN-to-LAN VPN type.

By the way, when I use these commands the VPN is working.


access-list outside extended permit icmp any any

access-list 170 extended permit ip 192.1.1.1 255.255.255.0 192.4.4.0 255.255.255.0

access-list VPN extended permit ip 192.1.1.0 255.255.255.0 192.4.4.0 255.255.255.0


But I don't want to use these commands; I would like to be specific on ports only.

Could you advise me which commands I can use?


Best Regards,

