I have a problem with an ASA (5520 8.0(4)) failing to work with a port-based ACL for remote clients. I have a simple one-line ACL for the split traffic. If I permit IP, the tunnel works fine; if I lock it down to TCP 3389, then RDP will not work. I am seeing nothing in the logs and debug output. I have not had a problem with an identical setup (5510 8.0(4)) and am at a loss to explain it.
Has anybody seen this problem before? I have NAT exclusions etc., and as I said, the tunnel only works when the ACL permits all IP traffic between client and server.
Thanks in advance
The split tunnel list can only be IP. If you want to restrict which ports are sent via the VPN tunnel for your VPN clients, you need to use VPN filters under the group policy:
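
An illustration of the split described in the answer above, added here and not part of the original post: the split-tunnel list stays a plain IP network match, and the TCP 3389 restriction moves into a `vpn-filter` ACL on the group policy. The ACL names, the group-policy name and all addresses are constructed placeholders.

```cisco
! Constructed example values (assumptions, not from the thread):
!   192.168.10.0/24  inside network reachable through the tunnel
!   192.168.10.5     RDP server
!   10.99.0.0/24     address pool handed to remote-access clients
!
! Split-tunnel list: decides only WHICH NETWORKS the client routes into
! the tunnel. It is matched on IP addresses, so it carries no ports.
access-list SPLIT-TUNNEL standard permit 192.168.10.0 255.255.255.0
!
! VPN filter: decides WHAT TRAFFIC is allowed inside the tunnel.
! For remote-access clients the client-assigned addresses go in the
! source position and the local network in the destination position.
access-list VPN-FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.5 eq 3389
! The implicit deny at the end of the ACL drops everything else.
!
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 vpn-filter value VPN-FILTER
```

A changed `vpn-filter` applies to sessions established afterwards, so clients have to reconnect before the restriction is tested; `show vpn-sessiondb detail remote` lists the filter name attached to each session.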