10-18-2007 03:45 AM - edited 03-03-2019 07:13 PM
Dear All,
Please help me to solve this problem. I had an ASA 5520 and a 5505. On the ASA 5505 connection I want to allow some ports, like port 80, 3900, 5900, and deny other ports.
But when I allow these ports the VPN connection does not work. I don't know why it has this problem. These are the commands that I configured on the ASA 5505:
access-list outside extended permit icmp any any
access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80
access-list 170 extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900
access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 5900
access-list 170 deny ip any any
access-list 170 deny udp any any
access-list 170 deny tcp any any
access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80
access-list VPN extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900
access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 5900
access-list VPN deny ip any any
access-list VPN deny udp any any
access-list VPN deny tcp any any
Best Regards,
10-18-2007 05:44 AM
Hi Recherd,
Can you please tell me which VPN type you are using?
Maybe the ports you are blocking are in the range of those that are used to build the VPN.
10-18-2007 06:06 PM
Dear Sir,
Thank you for your email.
I used VPN type LAN-to-LAN.
By the way, when I use these commands the VPN is working.
access-list outside extended permit icmp any any
access-list 170 extended permit ip 192.1.1.1 255.255.255.0 192.4.4.0 255.255.255.0
access-list VPN extended permit ip 192.1.1.0 255.255.255.0 192.4.4.0 255.255.255.0
But I don't want to use these commands; I would like to be specific on ports only.
Could you advise me which commands I can use?
Best Regards,