https://community.cisco.com/t5/network-security/open-port/m-p/2140827#M358158 <HTML><HEAD></HEAD><BODY><P>As Jouni said, you don't have to open anything if we're talking about traffic, going through vpn-connection, as long as your configuration doesn't include <EM><STRONG>no</STRONG> sysopt connection permit-vpn</EM>. By default, all vpn-traffic is allowed throug and not matched against interfaces ACLs. </P><P>To controll traffic through the vpn-tunnel you've got two options:</P><P>-enter <EM>no sysopt connection permit-vpn</EM> - interface acl will be used to filter vpn-traffic;</P><P>-apply <EM>vpn-filter</EM> to the group-policy, used for connecting endpoints.</P></BODY></HTML> Mon, 15 Apr 2013 21:18:23 GMT Andrew Phirsov 2013-04-15T21:18:23Z https://community.cisco.com/t5/network-security/open-port/m-p/2140824#M358153 <P>I need to open a specified port on an ASA 5520 8.2 which will allow 2 ip addresses&nbsp; access to databases over a vpn?...pleae advise, thx!!</P> Tue, 12 Mar 2019 01:28:42 GMT https://community.cisco.com/t5/network-security/open-port/m-p/2140824#M358153 cortney dash 2019-03-12T01:28:42Z https://community.cisco.com/t5/network-security/open-port/m-p/2140825#M358154 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>At its default setting ASA allows all traffic to bypass interface ACLs / Access Lists for connections that are coming through VPN connections.</P><P></P><P>Though in your case its really hard to say with such little information to go by.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 15 Apr 2013 20:22:53 GMT https://community.cisco.com/t5/network-security/open-port/m-p/2140825#M358154 Jouni Forss 2013-04-15T20:22:53Z https://community.cisco.com/t5/network-security/open-port/m-p/2140826#M358155 <HTML><HEAD></HEAD><BODY><P> how can this be done manually?....I don't have a lot of information but what could I add that would assist i nthe prognosis?</P></BODY></HTML> Mon, 15 Apr 2013 21:07:09 GMT https://community.cisco.com/t5/network-security/open-port/m-p/2140826#M358155 cortney dash 2013-04-15T21:07:09Z https://community.cisco.com/t5/network-security/open-port/m-p/2140827#M358158 <HTML><HEAD></HEAD><BODY><P>As Jouni said, you don't have to open anything if we're talking about traffic, going through vpn-connection, as long as your configuration doesn't include <EM><STRONG>no</STRONG> sysopt connection permit-vpn</EM>. By default, all vpn-traffic is allowed throug and not matched against interfaces ACLs. </P><P>To controll traffic through the vpn-tunnel you've got two options:</P><P>-enter <EM>no sysopt connection permit-vpn</EM> - interface acl will be used to filter vpn-traffic;</P><P>-apply <EM>vpn-filter</EM> to the group-policy, used for connecting endpoints.</P></BODY></HTML> Mon, 15 Apr 2013 21:18:23 GMT https://community.cisco.com/t5/network-security/open-port/m-p/2140827#M358158 Andrew Phirsov 2013-04-15T21:18:23Z https://community.cisco.com/t5/network-security/open-port/m-p/2140828#M358160 <HTML><HEAD></HEAD><BODY><P> I think I am just explaining it incorrectly which is my fault and I apologize!!....</P><P>the instructions given to me are as follows: </P><P>request port 7799 be opened for 192.X.X.X and 172.X.X.X used to access databases on tblshp3 over the VPN for JLG</P></BODY></HTML> Mon, 15 Apr 2013 21:46:37 GMT https://community.cisco.com/t5/network-security/open-port/m-p/2140828#M358160 cortney dash 2013-04-15T21:46:37Z