cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1045
Views
4
Helpful
4
Replies

Site to Site VPN: Need to open port for AVG virus software

daniel8751
Level 1
Level 1

I replaced my NetGear FVS338 with ASA 5505 on my web server network. So now I have ASA 5505 on both of my networks.

Exchange server: 192.168.0.1

Web Server: 192.168.1.10

Site to Site VPN is working.

RDP (Remote desktop) is working.

AVG Virus software manager on 192.168.0.1 can't update definition files on 192.168.1.10.

AVG requires TCP 6150, TCP 135 and UDP 135 ports.

I never had to open any ports on the NetGear VPN tunnel.

But I assume since it's not working, I need to do this on the ASA 5505.

I've tried different NAT and Firewall port configurations and none have worked.

Any help would be greatly appreciated.

I mostly use ASDM, but I command line if I have to.

Regards,

Dan

4 Replies 4

Ivan Martinon
Level 7
Level 7

By default all ports should be opened on your ASA when you define a vpn site to site tunnel, unless of course the command "sysopt connection permit-vpn" is off, if you do not have that off then try to gather some logs on both firewalls making sure those are capture when the update is performed we should see if the asa is blocking anything.

Thanks for your response.

sysopt connection permit-vpn

How do I know if this is off?

I searched my running config and don't see anything about sysopt. Does that mean it's on?

Is there an example of what the line would look like in the running config or where I would go in ASDM to see if it's on or not?

Thanks!

The fact that you don't see it means that it is on by default, check the "show run all sysopt" you should see it now.

Thanks - I figured it out - was a rights issue on the Exchange Server - nothing to do with firewall.

Once I knew it wasn't the firewall, made it a lot easier to find.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: