tkamish22
Beginner

How 2 allow Port Range Access via Site-to-Site VPN

I have 2 sites that are connected via a Site-to-Site VPN tunnel, and I need to allow a port range from a core server at site one to site two.

Site one:

192.168.1.0/24

Core Server Address that needs the access:

192.168.1.150

Ports:

6000-6050

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050

Site two:

192.168.9.0/24

Rule that I added:

access-list inside_access_in line 3 extended permit tcp host 192.168.9.0 255.255.255.0 192.168.1.150 range 6000 6050

I could not get this to work.  Any help is greatly appreciated!!!

I also tested with the above rules on the outside interface.

Accepted Solutions

Hi,

In order to allow certain ports across a VPN tunnel please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

Let me know if you have any questions.

Portu.

Please rate any posts you find useful.
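
The VPN filter approach named in the accepted solution, applied to the addresses in this thread. This is an added example, not configuration from the original posts or from the linked Cisco document. The ACL and group-policy names and the 203.0.113.x peer addresses are placeholders, and the crypto ACLs are an assumed typical form because neither site's configuration was posted.

```cisco
! ===== Site one ASA (local 192.168.1.0/24, remote 192.168.9.0/24) =====
! Crypto ACL (assumed form): selects which traffic is encrypted. It is the ACL
! referenced by the crypto map's "match address" and must mirror the peer's.
access-list S2S_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.9.0 255.255.255.0
!
! VPN filter ACL: the REMOTE network always sits in the source position and the
! LOCAL network in the destination position, whichever side opens the session.
! The server 192.168.1.150 connects out to remote ports 6000-6050, so the port
! range is attached to the remote (source-position) side.
! Caveat: the filter is bidirectional, so this ACE also matches remote hosts
! using source ports 6000-6050 toward any TCP port on 192.168.1.150.
access-list S2S_FILTER extended permit tcp 192.168.9.0 255.255.255.0 range 6000 6050 host 192.168.1.150
!
group-policy S2S_POLICY internal
group-policy S2S_POLICY attributes
 vpn-filter value S2S_FILTER
!
! 203.0.113.2 = placeholder for site two's public peer address
tunnel-group 203.0.113.2 general-attributes
 default-group-policy S2S_POLICY
!
! ===== Site two ASA (local 192.168.9.0/24, remote 192.168.1.0/24) =====
access-list S2S_CRYPTO extended permit ip 192.168.9.0 255.255.255.0 192.168.1.0 255.255.255.0
!
! Remote server in the source position, local subnet and the permitted
! destination ports 6000-6050 in the destination position.
access-list S2S_FILTER extended permit tcp host 192.168.1.150 192.168.9.0 255.255.255.0 range 6000 6050
!
group-policy S2S_POLICY internal
group-policy S2S_POLICY attributes
 vpn-filter value S2S_FILTER
!
! 203.0.113.1 = placeholder for site one's public peer address
tunnel-group 203.0.113.1 general-attributes
 default-group-policy S2S_POLICY
```

A new or changed vpn-filter applies only after the tunnel is re-established, and the filter ACL should not also be bound to an interface with access-group.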

5 REPLIES
tkamish22
Beginner

Running 8.4(4)

Hello Sr,

Is the traffic allowed on the crypto ACL?

Can we see the configuration of both sites to resolve this faster?

Remember to rate all the answers, that is as important as a thanks for us

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I didn't even think to put the rules in the crypto map ACL...I was placing them in the regular ACL. 

I will add the rules to the crypto_map and update the thread.

Thanks!!

Hello,

That is why, let me know as soon as you set that up.

Remember to rate all of the answers, that is as important as a thanks.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
