topic Need help with firewall rule in Network Security https://community.cisco.com/t5/network-security/need-help-with-firewall-rule/m-p/3868559#M28218 <P class="rz6fp9-10 himKiy">Hello</P><P class="rz6fp9-10 himKiy">&nbsp;</P><P class="rz6fp9-10 himKiy">We have a couple of servers that need to communicate with each other over a site-to-site VPN connection. We've allowed the port required for the application to work (tcp/8443) but we can also see from Wireshark that they are sending Application Data over TLSv1.2. If we open up the firewall rule to allow all IP traffic then communication between the servers works fin. I also tried adding port 443 in case TLS runs over that instead of 8443 but no luck. Any ideas? We are using Cisco ASAs on both sides of the S2S tunnel.</P><P class="rz6fp9-10 himKiy">&nbsp;</P><P class="rz6fp9-10 himKiy">Thanks</P> Thu, 06 Jun 2019 01:25:56 GMT aok 2019-06-06T01:25:56Z Need help with firewall rule https://community.cisco.com/t5/network-security/need-help-with-firewall-rule/m-p/3868559#M28218 <P class="rz6fp9-10 himKiy">Hello</P><P class="rz6fp9-10 himKiy">&nbsp;</P><P class="rz6fp9-10 himKiy">We have a couple of servers that need to communicate with each other over a site-to-site VPN connection. We've allowed the port required for the application to work (tcp/8443) but we can also see from Wireshark that they are sending Application Data over TLSv1.2. If we open up the firewall rule to allow all IP traffic then communication between the servers works fin. I also tried adding port 443 in case TLS runs over that instead of 8443 but no luck. Any ideas? We are using Cisco ASAs on both sides of the S2S tunnel.</P><P class="rz6fp9-10 himKiy">&nbsp;</P><P class="rz6fp9-10 himKiy">Thanks</P> Thu, 06 Jun 2019 01:25:56 GMT https://community.cisco.com/t5/network-security/need-help-with-firewall-rule/m-p/3868559#M28218 aok 2019-06-06T01:25:56Z Re: Need help with firewall rule https://community.cisco.com/t5/network-security/need-help-with-firewall-rule/m-p/3868634#M28219 <P>Can you post the current configuration, version ASA running on both side.</P> <P>when you intiate the connection, what is the logs in ASA on the destination side ? also from Source side ?</P> <P>&nbsp;</P> Thu, 06 Jun 2019 06:55:56 GMT https://community.cisco.com/t5/network-security/need-help-with-firewall-rule/m-p/3868634#M28219 balaji.bandi 2019-06-06T06:55:56Z