ASA 5505 and RVL200

shawnbure
Level 1

I have created a successful IPsec VPN tunnel between a Linksys RVL200 and an ASA 5505 using the Site to Site VPN Wizard. After the settings on both devices are matching, the tunnel connects, but client software on the remote site cannot use port 3306. Do I have to configure additional ACL / ACE policies to make the traffic enabled? I assumed (because I am a newbie) that once the private tunnel is established, all traffic is allowed on the interfaces. I spoke to an L1 technician at the hosting facility and they said that the configuration needs tweaking because it is "dropping packets". The client software works perfectly fine when the RVL200 is connected to an RVL200 via an IPsec tunnel, so the only thing I changed was the ASA device.

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Shawn,

The ASA is a firewall appliance and so it may need a tweak of the ACLs applied to the interfaces.

In simple words: the ASA allows connections that are started (first TCP packet) from the most trusted interfaces (the internal ones).

To have a TCP session that can open from a less trusted to a more trusted interface, you need to change the ACL that operates inbound (rx side) on the less trusted interface.

You can find better help if you attach a filtered version of the configuration of the ASA.

Hope to help

Giuseppe
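
Added example, not part of the original thread or Cisco's own configuration: an ASA CLI sketch of the inbound rule the reply describes, with checks for where packets are being dropped. The interface name `outside`, the ACL name `OUTSIDE_IN`, the subnets 192.168.2.0/24 (RVL200 side) and 192.168.1.0/24 (ASA inside), and the assumption that the session is opened from the RVL200 side are all hypothetical, not values from the post.

```cisco
! 1. Check whether decrypted tunnel traffic bypasses interface ACLs.
!    If "sysopt connection permit-vpn" is shown as enabled, VPN traffic
!    is not filtered by the outside ACL and the drop is elsewhere.
show running-config all sysopt

! 2. See which ACL, if any, is already bound inbound on the outside
!    interface. Only one inbound ACL can be bound per interface, so add
!    the rule to the existing ACL instead of binding a second name.
show running-config access-group

! 3. Permit only the needed flow: TCP/3306 from the remote LAN
!    (assumed 192.168.2.0/24) to the local LAN (assumed 192.168.1.0/24).
!    Narrow the destination to the database host where possible.
configure terminal
 access-list OUTSIDE_IN extended permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 3306
 ! Needed only if OUTSIDE_IN is not already bound (see step 2).
 access-group OUTSIDE_IN in interface outside
end

! 4. Reproduce the client connection, then confirm where packets go:
!    - hitcnt on the new ACE should increase if the ACL is being evaluated
!    - encaps/decaps counters should increase in both directions
!    - drop counters name the reason when the ASA discards a packet
show access-list OUTSIDE_IN
show crypto ipsec sa
show asp drop
```

Keeping the ACE limited to port 3306 between the two tunnel subnets avoids opening the inside network to everything that arrives over the VPN.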
