03-18-2015 06:00 PM - edited 03-05-2019 01:03 AM
I'm having issues where VPN users are trying to hit a particular server on a particular port. When connected to the LAN they can connect no problems, but not via VPN. However, via the VPN they can PING the device and RDP to it. I've checked the ACL on the ASA 5510 and it appears that the ports are open. Any ideas how I can capture or trace what's blocking them from hitting this IP and port?
For argument's sake, let's say 10.1.1.1 is the IP of the device and the port is 211.
When connected via VPN they get a 172.16.x.x address.
Any help will be greatly appreciated
03-18-2015 06:25 PM
It should work as long as it is allowed in the split tunnel ACL. Have you checked that yet?
03-18-2015 06:32 PM
I haven't got a split tunnel acl in place. I'm just wondering how I can log/capture/analyze what's occurring when the user tries to hit the server on that port.
03-18-2015 06:36 PM
For that, you may apply a packet capture for the firewall's VPN terminating IP on its outside interface, and it will tell you what ports are being hit etc.,
and also in/out capture on the firewall's inside interface filtering the server's IP address.
ASA has a packet-capture command which allows you to capture packets using ACLs for filtering traffic.
03-18-2015 06:38 PM
That sounds like what I'm after. Is there any documentation on setting this up?
03-18-2015 06:43 PM
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html
This link has both ASDM and CLI guides
HTH. Plz rate the answer if it fixes your problem. Thanks.
03-18-2015 06:51 PM
Cheers for your help.
03-19-2015 01:54 PM
I have done the packet capture. It's showing a connection reset. How can I dig further to allow this traffic?
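Added example, not part of the thread: a small Python helper that reads capture text saved from the firewall and reports, for the server and port in question, which side sent the reset and whether it came before or after the server's SYN-ACK. It assumes the capture was taken on the inside interface and exported in the tcpdump-style text layout; the sample lines, client addresses and function names are constructed for illustration.

```python
import re

# One TCP line of tcpdump-style capture text (layout assumed):
#   "N: hh:mm:ss.us src_ip.sport > dst_ip.dport: FLAGS ..."
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+(?:\.\d+){3})\.(\d+)\s+>\s+"
    r"(\d+(?:\.\d+){3})\.(\d+):\s+([SFPRU.]+)\s"
)

# Constructed sample: port 211 is reset, RDP (3389) to the same host completes.
SAMPLE = """\
   1: 13:54:02.101000 172.16.1.10.51234 > 10.1.1.1.211: S 1000:1000(0) win 8192 <mss 1460>
   2: 13:54:02.101400 10.1.1.1.211 > 172.16.1.10.51234: R 0:0(0) ack 1001 win 0
   3: 13:54:05.200000 172.16.1.10.51240 > 10.1.1.1.3389: S 2000:2000(0) win 8192 <mss 1460>
   4: 13:54:05.200500 10.1.1.1.3389 > 172.16.1.10.51240: S 3000:3000(0) ack 2001 win 8192 <mss 1460>
   5: 13:54:05.230000 172.16.1.10.51240 > 10.1.1.1.3389: . ack 3001 win 8192
"""

def find_resets(capture_text, server_ip, server_port):
    """Return one finding per RST seen on a flow to server_ip:server_port."""
    synack_seen = {}   # (client_ip, client_port) -> True once the server sent SYN-ACK
    findings = []
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # non-TCP or unparsable line
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        from_server = (src, sport) == (server_ip, server_port)
        to_server = (dst, dport) == (server_ip, server_port)
        if not (from_server or to_server):
            continue                      # different host or port
        client = (dst, dport) if from_server else (src, sport)
        if "R" in flags:
            findings.append({
                "client": "%s:%d" % client,
                "sender": "server" if from_server else "client",
                "stage": "after SYN-ACK" if synack_seen.get(client) else "before SYN-ACK",
            })
        elif "S" in flags and from_server:
            synack_seen[client] = True    # handshake got as far as SYN-ACK
    return findings

if __name__ == "__main__":
    for finding in find_resets(SAMPLE, "10.1.1.1", 211):
        print(finding)
```

A reset with the server's address as source, seen on the inside interface before any SYN-ACK, means the SYN crossed the firewall and the next place to look is the server side (listener binding or host-based filtering of the 172.16.x.x range).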