TOPIC: VPN ACL

VPN ACL 11 years 1 month ago #21897

I am trying to add a new entry to an already existing ACL on an ASA 5510 and I am looking for some clarification:

Current entry I see:

access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192


I was told that the ASA is configured in such a way that VPN clients are assigned to the 10.3.254.0 network.

I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

Do I need a source and a destination port?

I am unsure about the order because of the address similarity. Any ideas? Thanks!


Re: VPN ACL 11 years 4 weeks ago #21900

I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?


You want the VPN client to connect to this computer inside using remote desktop, right?

If that's the case, then it should be

access-list outside_inside extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

If you want to match on a port, then you should define "tcp" instead of "ip" in your ACL.

HTH


Re: VPN ACL 11 years 4 weeks ago #21919

Thank you. I will give this a shot and see what happens.


Re: VPN ACL 11 years 4 weeks ago #21924

This is what I entered:

access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

It does not work. Did I do something wrong?


Re: VPN ACL 11 years 4 weeks ago #21925

Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.


Re: VPN ACL 11 years 4 weeks ago #21926

Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.

Good call.

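A check for the point made in the last replies, as an added example that is not part of the original thread: it scans an ASA configuration for access lists bound to NAT exemption and flags entries that use a protocol other than ip or match on a port. The `nat (inside) 0 access-list ...` binding line (pre-8.3 syntax) and the sample configuration as a whole are assumptions constructed for illustration; only the ACL entries come from the posts.

```python
import re

# Constructed sample config. The ACL entries are the ones quoted in the thread;
# the 'nat (inside) 0' binding is an assumption (the thread does not show it).
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192
access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389
access-list outside_inside extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389
nat (inside) 0 access-list inside_nat0_outbound
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)\s+(.*)$")
PORT_OPS = {"eq", "neq", "lt", "gt", "range"}


def nat0_acl_names(config):
    """Names of ACLs bound to NAT exemption via 'nat (ifc) 0 access-list NAME'."""
    names = set()
    for line in config.splitlines():
        m = NAT0_RE.match(line.strip())
        if m:
            names.add(m.group(2))
    return names


def lint_nat0(config):
    """Return (line_no, acl, reason) for each NAT-exemption entry that is not a plain 'ip' rule."""
    exempt = nat0_acl_names(config)
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        m = ACE_RE.match(line.strip())
        if not m or m.group(1) not in exempt:
            continue  # not an ACL entry, or the ACL is not used for NAT exemption
        acl, _action, proto, rest = m.groups()
        if proto != "ip":
            findings.append((no, acl, f"protocol '{proto}' instead of 'ip'"))
        ops = PORT_OPS.intersection(rest.split())
        if ops:
            findings.append((no, acl, f"port match ({', '.join(sorted(ops))})"))
    return findings


if __name__ == "__main__":
    for no, acl, reason in lint_nat0(SAMPLE_CONFIG):
        print(f"line {no}: {acl}: {reason}")
```

The same tcp entry in `outside_inside` is not flagged, because that access list is not referenced by a NAT exemption statement in the sample.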
