Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4685
Views
5
Helpful
5
Replies

How 2 allow Port Range Access via Site-to-Site VPN

Go to solution
tkamish22
Level 1
Level 1

‎09-06-2012 07:42 PM - edited ‎03-11-2019 04:51 PM

I have 2 sites that are connected via a Site-to-Site VPN Tunnel.  And need to allow a Port Range from a core server at site one to site two.

Site one:

192.168.1.0/24

Core Server Address that needs the access:

192.168.1.150

Ports:

6000-6050

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050

Site two:

192.168.9.0/24

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.9.0 255.255.255.0 192.168.1.150 range 6000 6050

I could not get this to work.  Any help is greatly appreciated!!!

I also tested with the above rules on the outside interface.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9

‎09-07-2012 08:32 AM

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
tkamish22
Level 1
Level 1

‎09-06-2012 07:46 PM

Running 8.4(4)

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to tkamish22

‎09-06-2012 09:11 PM

Hello Sr,

Is the traffic allow on the crypto ACL?

Can we see the configuration of both sites to resolve this faster

Remember to rate all the answers, that is as important as a thanks for us

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
tkamish22
Level 1
Level 1
In response to Julio Carvajal

‎09-07-2012 07:15 AM

I didn't even think to put the rules in the crypto map ACL...I was placing them in the regular ACL. 

I will add the rules to the crypto_map and update the thread.

Thanks!!

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to tkamish22

‎09-07-2012 09:32 AM

Hello,

That is why, let me know as soon as you set that up.

Remember to rate all of the answers, that is as important as a thanks.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
Javier Portuguez
Level 9
Level 9

‎09-07-2012 08:32 AM

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card