Welcome to Cisco Firewalls Community


How 2 allow Port Range Access via Site-to-Site VPN

I have 2 sites that are connected via a Site-to-Site VPN tunnel, and I need to allow a port range from a core server at site one to site two.

Site one:

192.168.1.0/24

Core Server Address that needs the access:

192.168.1.150

Ports:

6000-6050

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050

Site two:

192.168.9.0/24

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.9.0 255.255.255.0 192.168.1.150 range 6000 6050

I could not get this to work.  Any help is greatly appreciated!!!

I also tested with the above rules on the outside interface.

Accepted Solutions

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.

5 REPLIES

Running 8.4(4)

Hello Sr,

Is the traffic allowed on the crypto ACL?

Can we see the configuration of both sites to resolve this faster?

Remember to rate all the answers, that is as important as a thanks for us

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I didn't even think to put the rules in the crypto map ACL...I was placing them in the regular ACL. 

I will add the rules to the crypto_map and update the thread.

Thanks!!

Hello,

That is why, let me know as soon as you set that up.

Remember to rate all of the answers, that is as important as a thanks.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
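
The VPN filter approach named in the accepted solution, applied to the addresses in the question, as an added example that is not part of the original thread or of the linked Cisco document. The ACL names, group-policy names and the 203.0.113.x peer addresses are constructed placeholders; the sketch assumes the core server opens the connections to TCP 6000-6050 at site two.

```cisco
!==== Site one ASA (local 192.168.1.0/24, remote 192.168.9.0/24) ====
! A vpn-filter ACL is always written remote address first, local address
! second, whichever side opens the connection. The core server connects out
! to remote ports 6000-6050, so the port range follows the remote network.
access-list VPN_FILTER_SITE2 extended permit tcp 192.168.9.0 255.255.255.0 range 6000 6050 host 192.168.1.150
!
group-policy GP_L2L_SITE2 internal
group-policy GP_L2L_SITE2 attributes
 vpn-filter value VPN_FILTER_SITE2
!
! 203.0.113.9 is a constructed placeholder for site two's peer address.
tunnel-group 203.0.113.9 general-attributes
 default-group-policy GP_L2L_SITE2

!==== Site two ASA (local 192.168.9.0/24, remote 192.168.1.0/24) ====
! Same rule seen from the other end: remote is now the core server, local is
! 192.168.9.0/24, and the port range follows the local network.
access-list VPN_FILTER_SITE1 extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050
!
group-policy GP_L2L_SITE1 internal
group-policy GP_L2L_SITE1 attributes
 vpn-filter value VPN_FILTER_SITE1
!
! 203.0.113.1 is a constructed placeholder for site one's peer address.
tunnel-group 203.0.113.1 general-attributes
 default-group-policy GP_L2L_SITE1
```

Once a vpn-filter is attached, the ACL's implicit deny drops all other traffic through that tunnel, so any other flow that must cross it needs its own permit line. The filter is applied when the tunnel is negotiated, so an already-established tunnel has to be re-established before the change takes effect.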
