02-02-2009 05:04 AM - edited 02-21-2020 04:08 PM
Hi all,
I have a problem with an ASA (5520 8.0(4)) failing to work with a port-based ACL for remote clients. I have a simple one-line ACL for the split traffic; if I permit IP the tunnel works fine, but if I lock it down to TCP 3389 then RDP will not work. I am seeing nothing in the logs and debug output. I have not had a problem with an identical setup (5510 8.0(4)) and am at a loss to explain it.
Has anybody seen this problem before? I have NAT exclusions etc. and, as I said, the tunnel only works when the ACL permits all IP traffic between client and server.
Thx in advance
02-02-2009 06:05 PM
The split tunnel list can only be IP. If you want to restrict which ports are sent via the VPN tunnel for your VPN clients, you need to use VPN filters under the group policy:
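A sketch of the arrangement the reply describes, added here as an example and not part of the original reply: the split tunnel list only selects which networks are routed into the tunnel, and a separate `vpn-filter` ACL restricts the ports. The ACL names, group-policy name, client pool (10.10.10.0/24) and RDP server (192.168.10.5) are constructed placeholders.

```cisco
! Added example; names and addresses are placeholders, not from the thread.

! 1. Split tunnel list: IP networks only. A standard ACL naming the
!    protected subnet makes it explicit that no port matching happens here.
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0

! 2. VPN filter: extended ACL written with the REMOTE side (client pool)
!    as source and the LOCAL side (inside server) as destination.
!    Only RDP from the VPN clients to the one server is allowed.
access-list VPN_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.10.5 eq 3389
!    Everything else arriving over the tunnel hits the implicit deny;
!    an explicit deny with logging makes the drops visible in syslog.
access-list VPN_FILTER extended deny ip any any log

! 3. Attach both to the remote-access group policy.
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 vpn-filter value VPN_FILTER

! 4. Verify: show the policy and watch the filter ACL hit counters
!    while a client attempts RDP and some other port.
show running-config group-policy RA_POLICY
show access-list VPN_FILTER
```

Do not reuse the `vpn-filter` ACL in an interface `access-group`; keep it dedicated to the group policy so its hit counters reflect only tunnel traffic.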
02-03-2009 01:02 AM
Many thanks, that has cleared it up for me. Interestingly, the port-based ACL does seem to work on the WebVPN.