ASA 5505 and RVL200

Unanswered Question
Aug 27th, 2009

I have created a successful IPsec VPN tunnel between a Linksys RVL200 and ASA 5505 using the Site to Site VPN Wizard. After settings on both devices are matching, the tunnel connects but a client software on the remote site cannot use port 3306. Do I have to configure additional ACL / ACE policies to make the traffic enabled? I assumed (because I am a newbie) that once the private tunnel is established, all traffic is allowed on the interfaces. I spoke to an L1 technician at the hosting facility and they said that the configuration needs tweaking because it is "dropping packets". The client software works perfectly fine when the RVL200 is connected to an RVL200 via an IPsec tunnel - so the only thing I changed was the ASA device.

Giuseppe Larosa Fri, 08/28/2009 - 04:41

Hello Shawn,

The ASA is a firewall appliance and so it may need a tweak of ACLs applied to the interfaces.

In simple words: the ASA allows connections that are started (first TCP packet) from the most trusted interfaces (the internal ones).

To have a TCP session that can open from a less trusted to a more trusted interface, you need to change the ACL that operates inbound (rx side) on the less trusted interface.

You can find better help if you attach a filtered version of the configuration of the ASA.

Hope to help
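
The inbound ACL change described in the reply above, as an added example that is not part of the original thread. The subnet 192.168.2.0/24 (behind the RVL200), the server 192.168.1.10 (behind the ASA), the interface name `outside` and the ACL name `outside_access_in` are constructed assumptions; substitute the values from the actual configuration.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   192.168.2.0/24   LAN behind the RVL200, where the client software runs
!   192.168.1.10     server behind the ASA listening on TCP 3306
!
! 1. Confirm the tunnel carries traffic. "#pkts decaps" rising while
!    "#pkts encaps" stays flat suggests packets arrive from the RVL200
!    but replies are not being sent back through the tunnel.
show crypto ipsec sa
!
! 2. Check whether interface ACLs are applied to tunnel traffic at all.
!    With "sysopt connection permit-vpn" (the ASA default) decrypted VPN
!    traffic bypasses interface ACLs, so a drop would have another cause.
show running-config all sysopt
!
! 3. See which ACL, if any, is already bound inbound on the less trusted
!    interface. Binding a different ACL with access-group replaces it, so
!    add the new entry to the existing ACL when one is listed here.
show running-config access-group
!
! 4. Permit only the flow that is needed: one source subnet, one
!    destination host, one port, rather than "permit ip any any".
configure terminal
 access-list outside_access_in extended permit tcp 192.168.2.0 255.255.255.0 host 192.168.1.10 eq 3306
 access-group outside_access_in in interface outside
 end
!
! 5. Retry the client, then check that the new entry's hitcnt increases
!    and look at the drop counters for the reason if it does not.
show access-list outside_access_in
show asp drop
```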


