ASA 5520 8.0(4) port based vpn acl not working

qubenetworks
Level 1

Hi all,

I have a problem with an ASA (5520 8.0(4)) failing to work with a port-based ACL for remote clients. I have a simple one-line ACL for the split traffic; if I permit IP the tunnel works fine, but if I lock it down to TCP 3389 then RDP will not work. I am seeing nothing in the logs and debug output, I have not had a problem with an identical setup (5510 8.0(4)), and am at a loss to explain it.

Has anybody seen this problem before? I have NAT exclusions etc., and as I said, the tunnel only works when the ACL permits all IP traffic between client and server.

Thanks in advance

1 Accepted Solution


Ivan Martinon
Level 7

The split tunnel list can only be IP; if you want to restrict which ports are sent via the VPN tunnel for your VPN clients, you need to use VPN filters under the group policy:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
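The two ACLs the answer distinguishes, as an added configuration example (not the poster's or Cisco's configuration): the split-tunnel list stays a network-only standard ACL, and the RDP restriction moves into a vpn-filter on the group policy. All names, the 10.10.10.0/24 inside network, the 10.10.10.5 server and the 192.168.100.0/24 client pool are constructed for illustration.

```cisco
! Split-tunnel list: a standard ACL naming only the networks reached through
! the tunnel. Ports cannot be expressed here, which is why a TCP/3389 entry
! in this list gives no working RDP.
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0
!
! VPN filter: an extended ACL, written with the remote client as the source
! and the local host as the destination; the port applies to the local side.
! Once a filter is applied, tunneled traffic it does not permit is dropped,
! so this allows RDP to the one server and nothing else across the tunnel.
access-list RA_VPN_FILTER extended permit tcp 192.168.100.0 255.255.255.0 host 10.10.10.5 eq 3389
!
! Constructed address pool for remote clients; it must match the filter's source.
ip local pool RA_POOL 192.168.100.1-192.168.100.50 mask 255.255.255.0
!
group-policy RA_GP internal
group-policy RA_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 vpn-filter value RA_VPN_FILTER
!
tunnel-group RA_TG type remote-access
tunnel-group RA_TG general-attributes
 address-pool RA_POOL
 default-group-policy RA_GP
```

After a client connects and opens an RDP session, the hit count shown by `show access-list RA_VPN_FILTER` increments, which confirms the filter rather than the split list is doing the port restriction.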


2 Replies


Many thanks, that has cleared it up for me. Interestingly, the port-based ACL does seem to work on the WebVPN.
