Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


2404
Views
5
Helpful
5
Replies
tkamish22
tkamish22 Beginner
Beginner
‎09-06-2012 07:42 PM
‎09-06-2012 07:42 PM

How 2 allow Port Range Access via Site-to-Site VPN

I have 2 sites that are connected via a Site-to-Site VPN Tunnel.  And need to allow a Port Range from a core server at site one to site two.

Site one:

192.168.1.0/24

Core Server Address that needs the access:

192.168.1.150

Ports:

6000-6050

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050

Site two:

192.168.9.0/24

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.9.0 255.255.255.0 192.168.1.150 range 6000 6050

I could not get this to work.  Any help is greatly appreciated!!!

I also tested with the above rules on the outside interface.

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Javier Portuguez
Javier Portuguez Engager
Engager
‎09-07-2012 08:32 AM
‎09-07-2012 08:32 AM

How 2 allow Port Range Access via Site-to-Site VPN

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.

View solution in original post

0 Helpful
Reply
5 REPLIES 5
Highlighted
tkamish22
tkamish22 Beginner
Beginner
‎09-06-2012 07:46 PM
‎09-06-2012 07:46 PM

How 2 allow Port Range Access via Site-to-Site VPN

Running 8.4(4)

0 Helpful
Reply
Julio Carvajal
Julio Carvajal Advisor
Advisor
‎09-06-2012 09:11 PM
‎09-06-2012 09:11 PM

How 2 allow Port Range Access via Site-to-Site VPN

Hello Sr,

Is the traffic allow on the crypto ACL?

Can we see the configuration of both sites to resolve this faster

Remember to rate all the answers, that is as important as a thanks for us

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Reply
tkamish22
tkamish22 Beginner
Beginner
‎09-07-2012 07:15 AM
‎09-07-2012 07:15 AM

How 2 allow Port Range Access via Site-to-Site VPN

I didn't even think to put the rules in the crypto map ACL...I was placing them in the regular ACL. 

I will add the rules to the crypto_map and update the thread.

Thanks!!

0 Helpful
Reply
Julio Carvajal
Julio Carvajal Advisor
Advisor
‎09-07-2012 09:32 AM
‎09-07-2012 09:32 AM

How 2 allow Port Range Access via Site-to-Site VPN

Hello,

That is why, let me know as soon as you set that up.

Remember to rate all of the answers, that is as important as a thanks.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Reply
Javier Portuguez
Javier Portuguez Engager
Engager
‎09-07-2012 08:32 AM
‎09-07-2012 08:32 AM

How 2 allow Port Range Access via Site-to-Site VPN

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.

View solution in original post

0 Helpful
Reply
Latest Contents
Monitoring Failover status (ASA Cluster, Active/Standby) by ...
Created by Oleg Volkov on 12-12-2019 02:26 AM
0
0
0
0
Hi.Want to know Failover cluster status? If You have PRTG do it in 5 min.Download my sensor.Deploy REST API to Your ASA,sAdd my sensor to PRTG and set parameters:In PRTG device settings add linux user and password (ASA user, which have read permissions)-u... view more
#CiscoChat Live: Consumer Perspectives on Data Privacy
Created by Kelli Glass on 12-10-2019 11:00 AM
0
0
0
0
Join us live on Thursday, December 12 at 10:00 am PT (and on demand after) for an in-depth look at the latest Cisco Cybersecurity report. The Cisco 2019 Consumer Privacy Survey shows consumers placing a greater premium on data privacy, providing comp... view more
#CiscoChat Live: Consumer Perspectives on Data Privacy
Created by Kelli Glass on 12-10-2019 10:55 AM
0
0
0
0
Join us live on Thursday, December 12 at 10:00 am PT (and on demand after) for an in-depth look at the latest Cisco Cybersecurity report. The Cisco 2019 Consumer Privacy Survey shows consumers placing a greater premium on data privacy, providing comp... view more
How to find/get the registration key from FTD
Created by Eahwar34 on 12-06-2019 03:14 AM
0
0
0
0
We are in need of finding registration key used for our FTD , unfortunately we have forget the key and also it is encrypted . How to find the key from FTD ?
ISE My Devices & Sponsor Portal as a User Change Password Po...
Created by Jason Kunst on 12-05-2019 10:24 AM
3
0
3
0
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP) What are the licensing requirements for this solution? My Devices - For using the password change with My Devices you need plus licenses as ... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
FusionCharts will render here