Sorry for the delay in responding. Yes, your first line "permit tcp any any eq 3389" will permit any source to any destination on port 3389. My suggestion is to only allow RDP to the server you want to allow it on like this.. (where xx.xx.xx.xx is the d...
Hello Mohit. Not to argue - but I don't agree with your statement about "sysopt connection permit-vpn" not applying to the actual IPSec (IKE and ESP) traffic going to the ASA. Not to cause confusion, but I think this is a point worth discussing. According...
This ASA is no longer a firewall. It's a router with 3 interfaces because all ACLs contain "permit ip any any" and once a packet matches that line it will pass through.
access-list outside_to_DMZ extended permit ip any any
access-list inside_access_in...
I think, however, if I remember correctly the same ACL can't be used for both a NAT exemption and a VPN interesting tunnel ACL so I would suggest making the following changes... "access-list nonat extended permit ip inside 255.255.255.0 192.168.5.0 25...