Cisco Support Community
New Member

Have problem on VPN

Dear All ,

Please help me to solve this problem. I had ASA 5520 and 5505. On the ASA 5505 connection I want to allow some ports like port 80, 3900, 5900 and deny the other ports.

But when I allow these ports the VPN connection does not work. I don't know why there is a problem. These are the commands that I configured on the ASA 5505:

access-list outside extended permit icmp any any

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list 170 extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list 170 deny ip any any

access-list 170 deny udp any any

access-list 170 deny tcp any any

access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80

access-list VPN extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900

access-list VPN extended permit tcp host 192.1.1.1 host 192.4.4.1 5900

access-list VPN deny ip any any

access-list VPN deny udp any any

access-list VPN deny tcp any any

Best Regards,
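The following is an added example, not part of the original post: a small Python check that walks the posted `access-list 170` entries in order, the way the ASA evaluates them (top-down, first match wins), and reports entries that do not parse or that can never be reached. It only understands the `any` and `host <ip>` address forms and the optional `eq <port>` used in the question; the function names are hypothetical.

```python
import re

# The "access-list 170" entries exactly as posted in the question above.
ACL_170 = """\
access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 eq 80
access-list 170 extended deny tcp host 192.1.1.1 host 192.4.4.1 eq 5900
access-list 170 extended permit tcp host 192.1.1.1 host 192.4.4.1 5900
access-list 170 deny ip any any
access-list 170 deny udp any any
access-list 170 deny tcp any any
"""

ADDR = r"(any|host \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(
    r"access-list (\S+) (?:extended )?(permit|deny) (ip|tcp|udp|icmp) "
    + ADDR + " " + ADDR + r"(?: eq (\d+))?$"
)

def parse(line):
    """Return (action, proto, src, dst, port), or None if the entry is malformed."""
    m = ACE.match(line.strip())
    return m.groups()[1:] if m else None

def covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    _, proto_a, src_a, dst_a, port_a = a
    _, proto_b, src_b, dst_b, port_b = b
    return (proto_a in ("ip", proto_b)      # "ip" includes tcp/udp/icmp
            and src_a in ("any", src_b)
            and dst_a in ("any", dst_b)
            and port_a in (None, port_b))   # no port means all ports

def lint(text):
    """First-match walk: report entries that are malformed or can never be hit."""
    findings, seen = [], []                 # seen = [(entry_number, parsed_entry)]
    for n, line in enumerate(text.splitlines(), 1):
        ace = parse(line)
        if ace is None:
            findings.append((n, "syntax", None))
            continue
        earlier = next(((i, p) for i, p in seen if covers(p, ace)), None)
        if earlier:                         # an earlier entry always matches first
            kind = "redundant" if earlier[1][0] == ace[0] else "shadowed"
            findings.append((n, kind, earlier[0]))
        seen.append((n, ace))
    return findings

if __name__ == "__main__":
    print(lint(ACL_170))
```

Entry 3 is reported as `syntax` because its port has no `eq` operator; with `eq` added it is reported as `shadowed` by the deny for the same port in entry 2, and entries 5 and 6 are `redundant` after the `deny ip any any` in entry 4.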

2 REPLIES
New Member

Re: Have problem on VPN

Hi Recherd,

Can you please tell me which VPN type you are using?

Maybe the ports you are blocking are in the range of those that are used to build the VPN.

New Member

Re: Have problem on VPN

Dear Sir,

Thank you for your email.

I used VPN type LAN-to-LAN.

By the way, when I use these commands the VPN is working.

access-list outside extended permit icmp any any

access-list 170 extended permit ip 192.1.1.1 255.255.255.0 192.4.4.0 255.255.255.0

access-list VPN extended permit ip 192.1.1.0 255.255.255.0 192.4.4.0 255.255.255.0

But I don't want to use these commands; I would like to be specific on ports only.

Could you advise me which commands I can use?

Best Regards,
