Cisco Systems L2L VPN using Port specific ACLs

Posted by jcle on July 12, 2007, 7:24 pm
I am trying to build a VPN using port-specific ACLs from an ASA to a PIX and can only get one-way communication.

On the ASA side (running 7.2(2), inside IP 192.168.2.1) I have the following ACL bound to the VPN:

access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389

On the PIX (running 6.3(5), inside IP 10.1.2.1) I have:

access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389

ICMP works fine; both hosts can ping each other. The host behind the ASA can remote desktop to the host behind the PIX.


But here is the problem: the host behind the PIX cannot remote desktop to the host behind the ASA. When I try to RDP from the host behind the PIX to the host behind the ASA, the ACL on the PIX takes hits but the ACL on the ASA does not.

I can build ACLs using permit ip and it works fine, but I want to lock this VPN down to be port-specific so the hosts cannot communicate on each other's open ports. Any help will be appreciated.
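A consistency check for the two crypto ACLs above, added here as an example and not part of the original post: it parses each side's host/host ACEs, mirrors source and destination (port restriction included), and reports any ACE whose mirror image is missing on the peer, a common cause of one-way traffic over a port-specific L2L tunnel. The post's own two ACLs come out symmetric; the constructed PIX_ACL_BROKEN variant, with one ACE removed, shows what a genuine mismatch looks like. Only the host/host syntax used in the post is handled.

```python
import re
from typing import NamedTuple

# One access-control entry; "any" in sport/dport means no "eq <port>" on that end.
Ace = NamedTuple("Ace", [("proto", str), ("src", str), ("sport", str), ("dst", str), ("dport", str)])

def mirror(a: Ace) -> Ace:
    # The peer's crypto ACL must permit the same flow with both ends swapped.
    return Ace(a.proto, a.dst, a.dport, a.src, a.sport)

# Host/host ACEs in PIX 6.3 ("permit") or ASA 7.x ("extended permit") syntax, optional "eq <port>" on either end.
_ACE = re.compile(
    r"access-list\s+\S+\s+(?:extended\s+)?permit\s+(?P<proto>\S+)\s+"
    r"host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\S+))?\s+"
    r"host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\S+))?\s*$"
)

def parse_acl(text: str) -> frozenset:
    aces = set()
    for line in filter(str.strip, text.splitlines()):
        m = _ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE (only host/host forms handled): {line}")
        aces.add(Ace(m["proto"], m["src"], m["sport"] or "any", m["dst"], m["dport"] or "any"))
    return frozenset(aces)

def unmirrored(local: frozenset, peer: frozenset) -> frozenset:
    # ACEs in `local` whose mirror image is absent from `peer`: these flows are one-way
    return frozenset(a for a in local if mirror(a) not in peer)

def check(asa_text: str, pix_text: str):
    # Returns (ASA ACEs not mirrored on the PIX, PIX ACEs not mirrored on the ASA)
    asa, pix = parse_acl(asa_text), parse_acl(pix_text)
    return unmirrored(asa, pix), unmirrored(pix, asa)

# The two crypto ACLs exactly as given in the post, one ACE per line.
ASA_ACL = """
access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389
"""
PIX_ACL = """
access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389
"""
# Constructed variant: the PIX ACE for RDP toward the ASA side is dropped, so check()
# flags the ASA's "eq 3389 -> host 10.1.2.50" return-traffic ACE as having no mirror.
PIX_ACL_BROKEN = "\n".join(PIX_ACL.strip().splitlines()[:-1])
```

Running check() against configs pulled from both peers (show running-config access-list) is a quick first step before looking at IKE/IPsec debugs for a one-way tunnel.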

