Have problem on VPN

rechard_david
Level 1

Dear All,

Please help me to solve this problem. I have an ASA 5520 and a 5505. On the ASA 5505 connection I want to allow some ports, like port 80, 3900, 5900, and deny the other ports.

But when I allow these ports, the VPN connection does not work. I don't know why there is a problem. These are the commands that I configured on the ASA 5505:

access-list outside extended permit icmp any any

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list 170 extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list 170 deny ip any any

access-list 170 deny udp any any

access-list 170 deny tcp any any

access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list VPN extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list VPN deny ip any any

access-list VPN deny udp any any

access-list VPN deny tcp any any

Best Regards,

2 Replies

ganpatspatil
Level 1

Hi Rechard,

Can you please tell me which VPN type you are using?

Maybe the ports you are blocking are in the range of those that are used to build the VPN.

Dear Sir,

Thank you for your email.

I used the LAN-to-LAN VPN type.

By the way, when I use these commands the VPN is working.

access-list outside extended permit icmp any any

access-list 170 extended permit ip 192.1.1.1 255.255.255.0 192.4.4.0 255.255.255.0

access-list VPN extended permit ip 192.1.1.0 255.255.255.0 192.4.4.0 255.255.255.0

But I don't want to use these commands; I would like to be specific on ports only.

Could you advise me which command I can use?

Best Regards,
