Open port

cortney dash
Level 1

I need to open a specified port on an ASA 5520 8.2 which will allow 2 IP addresses access to databases over a VPN?... please advise, thx!!

4 Replies

Jouni Forss
VIP Alumni

Hi,

At its default setting ASA allows all traffic to bypass interface ACLs / Access Lists for connections that are coming through VPN connections.

Though in your case it's really hard to say with such little information to go by.

- Jouni

How can this be done manually?....I don't have a lot of information but what could I add that would assist in the prognosis?

As Jouni said, you don't have to open anything if we're talking about traffic going through a vpn-connection, as long as your configuration doesn't include no sysopt connection permit-vpn. By default, all vpn-traffic is allowed through and not matched against interface ACLs.

To control traffic through the vpn-tunnel you've got two options:

-enter no sysopt connection permit-vpn - interface acl will be used to filter vpn-traffic;

-apply vpn-filter to the group-policy, used for connecting endpoints.
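
The two options from the reply above, written out as an added example (not part of the original thread and not any poster's configuration). It assumes the two requesting addresses are the remote VPN peers and the database server sits behind the ASA; the addresses, ACL names, group-policy name and interface name are placeholders, since the thread elides the real values.

```cisco
! Placeholders (constructed, not from the thread):
!   192.0.2.10, 198.51.100.20 = the two remote hosts (thread: 192.X.X.X, 172.X.X.X)
!   10.10.10.50               = database server (tblshp3 in the request)
!   JLG-GP                    = existing group-policy used by the tunnel (hypothetical)
!   outside                   = interface where the VPN terminates (assumed)
!
! Check the current setting first; the default is "sysopt connection permit-vpn".
!   show running-config all sysopt
!
! Option A: vpn-filter on the group-policy (affects only sessions using it).
! In a vpn-filter ACL the remote side is written in the source position
! and the local side in the destination position.
access-list JLG-VPN-FILTER extended permit tcp host 192.0.2.10 host 10.10.10.50 eq 7799
access-list JLG-VPN-FILTER extended permit tcp host 198.51.100.20 host 10.10.10.50 eq 7799
! The implicit deny drops everything else arriving over this tunnel.
group-policy JLG-GP attributes
 vpn-filter value JLG-VPN-FILTER
!
! Option B: subject all VPN traffic to the interface ACL.
! This is global: every tunnel on the ASA is then checked against the
! interface ACL, so existing VPN flows need explicit permits before the change.
no sysopt connection permit-vpn
access-list OUTSIDE-IN extended permit tcp host 192.0.2.10 host 10.10.10.50 eq 7799
access-list OUTSIDE-IN extended permit tcp host 198.51.100.20 host 10.10.10.50 eq 7799
! If an ACL is already bound to the interface, add the permits to it instead
! of binding a new one, because access-group replaces the existing binding.
access-group OUTSIDE-IN in interface outside
```

A vpn-filter change applies to newly established sessions, so the tunnel has to be re-established before the filter takes effect.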

I think I am just explaining it incorrectly which is my fault and I apologize!!....

the instructions given to me are as follows:

request port 7799 be opened for 192.X.X.X and 172.X.X.X used to access databases on tblshp3 over the VPN for JLG
