
TOPIC: VPN ACL

VPN ACL 9 years 6 months ago #21897

  • skepticals
  • Expert Member
I am trying to add a new entry to an already existing ACL on an ASA 5510 and I am looking for some clarification:

Current entry I see:
access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192

I was told that the ASA is configured in such a way that VPN clients are assigned to the 10.3.254.0 network.

I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

Do I need a source and a destination port?

I am unsure about the order because of the address similarity. Any ideas? Thanks!

Re: VPN ACL 9 years 6 months ago #21900

  • lomaree
  • Frequent Member
> I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

You want the VPN client to connect to this computer inside using remote desktop, right?

If that's the case, then it should be

access-list outside_inside extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

If you want to go for a port, then you should define "tcp" instead of "ip" in your ACL.

HTH

Re: VPN ACL 9 years 6 months ago #21919

  • skepticals
  • Expert Member
Thank you. I will give this a shot and see what happens.

Re: VPN ACL 9 years 6 months ago #21924

  • skepticals
  • Expert Member
This is what I entered:

access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

It does not work. Did I do something wrong?

Re: VPN ACL 9 years 6 months ago #21925

  • d_jabsd
  • Distinguished Member
Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.
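An added example, not from the thread or from Cisco, that checks an ASA config (pre-8.3 `nat (ifc) 0 access-list NAME` syntax, as used here) for the mistake d_jabsd describes: an entry in a NAT-exemption ACL that carries tcp/udp or a port, which the exemption matching never honours. The regexes and the sample config are constructed for this snippet and cover only the ACE forms seen in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed patterns: they cover the ACE shapes used in this thread, not every ASA variant.
NAT0_RE = re.compile(r"^nat\s+\(\S+\)\s+0\s+access-list\s+(?P<acl>\S+)")
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<src>host\s+\S+|\S+\s+\S+)\s+"
    r"(?P<dst>host\s+\S+|\S+\s+\S+)(?P<port>\s+eq\s+\S+)?\s*$"
)

@dataclass
class Finding:
    line_no: int
    acl: str
    problem: str
    fix: str  # the address-only ACE the nat 0 ACL actually needs

def nat0_acl_names(config: str) -> Set[str]:
    """Return the ACL names bound by 'nat (ifc) 0 access-list NAME' lines."""
    names = set()
    for line in config.splitlines():
        m = NAT0_RE.match(line.strip())
        if m:
            names.add(m["acl"])
    return names

def lint_nat0(config: str) -> List[Finding]:
    """Flag entries of NAT-exemption ACLs that specify a protocol other than ip or a port.

    nat 0 exemption is matched on addresses only, so 'permit tcp ... eq 3389'
    in such an ACL never exempts the VPN client traffic it was written for.
    """
    exempt, out = nat0_acl_names(config), []
    for n, raw in enumerate(config.splitlines(), 1):
        m = ACE_RE.match(raw.strip())
        if not m or m["acl"] not in exempt:
            continue
        if m["proto"] == "ip" and not m["port"]:
            continue  # address-only entry, as the exemption ACL expects
        fix = f"access-list {m['acl']} extended {m['action']} ip {m['src']} {m['dst']}"
        why = f"protocol '{m['proto']}'" + (" with port" if m["port"] else "")
        out.append(Finding(n, m["acl"], f"{why} in nat 0 ACL; exemption matches addresses only", fix))
    return out

# Constructed sample: the thread's working entry plus the RDP entry that did not work.
SAMPLE = """\
nat (inside) 0 access-list inside_nat0_outbound
access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192
access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389
access-list outside_access_in extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389
"""

if __name__ == "__main__":
    for f in lint_nat0(SAMPLE):
        print(f"line {f.line_no}: {f.problem}\n  suggested: {f.fix}")
```

The port-specific rule belongs in an interface or VPN filter ACL (the fourth sample line), while the exemption ACL keeps only the address pair.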

Re: VPN ACL 9 years 6 months ago #21926

  • skepticals
  • Expert Member
> Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.
Good call.