11-11-2008 12:57 AM
Hi,
I have configured an RA VPN tunnel, and everything is working fine, but now I want to allow only the HTTP/www port, because the VPN client should have access to only my application server; the rest of the ports need to be blocked. How do I do this?
11-11-2008 06:12 AM
Check out the below - a good source of config examples:-
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
HTH>
11-11-2008 06:46 AM
Hi Andrew,
I went through the same site to configure the tunnel and to create the ACL for the same tunnel.
Below is my ACL:
anders4883-asa# show access-list RA-tunnel
access-list RA-tunnel; 3 elements
access-list RA-tunnel line 1 extended permit icmp 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=4) 0xa2541dbe
access-list RA-tunnel line 2 extended permit udp 192.168.1.0 255.255.255.0 eq www 10.0.0.0 255.255.255.0 eq www (hitcnt=0) 0xa7f31d26
access-list RA-tunnel line 3 extended deny ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=86) 0xa23d5fbf
Where 192.168.1.0/24 is my VPN pool IP and 10.0.0.0/24 is my application server subnet.
I want to allow http://10.0.0.90 and ICMP also.
The rest of the things should be blocked.
Can you send the correct ACL for the same?
11-11-2008 06:52 AM
Your ACL line 2 is totally incorrect.
1) HTTP is a TCP protocol, not UDP
2) You cannot have a source port of www - as this is in the restricted ports range, your source port will ALWAYS be 1024 to 65535.
Re-configure the line to:-
access-list RA-tunnel line 2 extended permit tcp 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq www
HTH>
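Andrew's corrected line permits www to the whole 10.0.0.0/24, while the question asked for a single server, http://10.0.0.90. The following ASA configuration is an added illustration, not text from the thread: it swaps line 2 for one narrowed to that host with the `host` keyword, and shows the ACL applied as a vpn-filter on a group policy. The group-policy name `RA-policy` is an assumption, since the thread never says how RA-tunnel is attached to the tunnel; substitute the name from your own `show running-config group-policy`.

```cisco
! Added example, not from the original thread.
! vpn-filter ACLs are written with the VPN client (pool) address as the source
! and the inside network as the destination; the ASA applies them to traffic
! in both directions of the tunnel, so one ACE covers request and reply.

! Drop the broken UDP line (the full ACE must be repeated to remove it).
no access-list RA-tunnel line 2 extended permit udp 192.168.1.0 255.255.255.0 eq www 10.0.0.0 255.255.255.0 eq www

! Insert the replacement at the same position, limited to the one server.
! No source port is given: the client's ephemeral port is not predictable.
access-list RA-tunnel line 2 extended permit tcp 192.168.1.0 255.255.255.0 host 10.0.0.90 eq www

! Resulting ACL, top to bottom. The explicit deny is optional (an ASA ACL ends
! with an implicit deny) but it keeps a hit counter for blocked traffic.
! access-list RA-tunnel line 1 extended permit icmp 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
! access-list RA-tunnel line 2 extended permit tcp 192.168.1.0 255.255.255.0 host 10.0.0.90 eq www
! access-list RA-tunnel line 3 extended deny ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

! Attach the ACL to the remote-access group policy. "RA-policy" is an assumed name.
group-policy RA-policy attributes
 vpn-filter value RA-tunnel
```

Two checks worth making after this. First, `sysopt connection permit-vpn` is on by default, and with it enabled decrypted VPN traffic bypasses the interface ACLs entirely, so an ACL that is only bound with `access-group` will not restrict the clients; the vpn-filter (or disabling that sysopt) is what enforces the policy. Second, confirm the result the way the thread does: browse to http://10.0.0.90 from a client, then try another host in 10.0.0.0/24, and watch `show access-list RA-tunnel`. The hit count on line 2 should rise for the first test and the deny line for the second.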
11-11-2008 07:02 AM
Andrew,
Thanks for your precious time.
It's working.
11-11-2008 07:04 AM
np - glad to help.