I am trying to build a VPN using port-specific ACLs from an ASA to a PIX and can only get one-way communication.
On the ASA side (running 7.2(2), inside IP 192.168.2.1) I have the following ACL bound to the VPN:

access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389

On the PIX (running 6.3(5), inside IP 10.1.2.1) I have:

access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389
ICMP works fine; both hosts can ping each other. The host behind the ASA can remote desktop to the host behind the PIX,
but here is the problem.... the host behind the PIX cannot remote desktop to the host behind the ASA. When I try to RDP from the host behind the PIX to the host behind the ASA, the ACL on the PIX takes hits but the ACL on the ASA does not.
I can build ACLs using permit ip and it works fine, but I want to lock this VPN down to be port-specific so the hosts cannot communicate on each other's open ports. Any help will be appreciated.
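For a LAN-to-LAN tunnel, each permit entry in one peer's crypto ACL needs an exact mirror image (source and destination swapped, ports included) on the other peer, and the two ACLs in the post are the kind of thing that is easy to get subtly wrong by hand. The script below is an added example and not part of the original post or any Cisco tool: it parses PIX 6.3 / ASA 7.x access-list lines (only the host/any/network-mask address forms and "eq" port matches used in the post are handled; that is an assumption of this helper), mirrors every ASA entry, and reports any entry whose mirror is missing on the PIX side and vice versa. The sample ACLs are the ones quoted in the post; PIX_ACL_BROKEN is a constructed variant with one line dropped to show what a mismatch report looks like.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One permit entry of a crypto ACL, normalised so entries can be compared."""
    proto: str
    src: str
    src_port: Optional[str]
    dst: str
    dst_port: Optional[str]

    def mirror(self) -> "Ace":
        # The peer's entry must swap source and destination, ports included.
        return Ace(self.proto, self.dst, self.dst_port, self.src, self.src_port)


def _addr(tokens: List[str], i: int) -> Tuple[str, int]:
    """Consume one address spec ("host X", "any", or "NET MASK") at tokens[i]."""
    if tokens[i] == "host":
        return f"host {tokens[i + 1]}", i + 2
    if tokens[i] == "any":
        return "any", i + 1
    return f"{tokens[i]} {tokens[i + 1]}", i + 2  # network followed by mask (assumed form)


def _port(tokens: List[str], i: int) -> Tuple[Optional[str], int]:
    """Consume an optional 'eq PORT' at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        return tokens[i + 1], i + 2
    return None, i


def parse_ace(line: str) -> Optional[Ace]:
    """Parse 'access-list NAME [extended] permit PROTO SRC [eq P] DST [eq P]'.

    Returns None for deny entries (only permit entries select tunnel traffic here).
    """
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    i = 2
    if tokens[i] == "extended":  # ASA 7.x syntax; PIX 6.3 omits the keyword
        i += 1
    action = tokens[i]
    i += 1
    if action != "permit":
        return None
    proto = tokens[i]
    i += 1
    src, i = _addr(tokens, i)
    src_port, i = _port(tokens, i)
    dst, i = _addr(tokens, i)
    dst_port, i = _port(tokens, i)
    return Ace(proto, src, src_port, dst, dst_port)


def parse_acl(text: str) -> List[Ace]:
    """Parse every non-empty line of an ACL dump, skipping deny entries."""
    aces = (parse_ace(line) for line in text.strip().splitlines() if line.strip())
    return [a for a in aces if a is not None]


def compare(local: List[Ace], remote: List[Ace]) -> Tuple[List[Ace], List[Ace]]:
    """Return (local entries with no mirror on remote, remote entries with no mirror on local)."""
    remote_set, local_set = set(remote), set(local)
    missing_on_remote = [a for a in local if a.mirror() not in remote_set]
    missing_on_local = [a for a in remote if a.mirror() not in local_set]
    return missing_on_remote, missing_on_local


# ACLs as quoted in the post.
ASA_ACL = """
access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389
"""
PIX_ACL = """
access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389
"""
# Constructed variant: the PIX entry matching source port 3389 has been dropped.
PIX_ACL_BROKEN = """
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389
"""

if __name__ == "__main__":
    for label, pix_text in (("as posted", PIX_ACL), ("constructed mismatch", PIX_ACL_BROKEN)):
        no_pix, no_asa = compare(parse_acl(ASA_ACL), parse_acl(pix_text))
        print(f"[{label}] ASA entries without a PIX mirror: {no_pix}")
        print(f"[{label}] PIX entries without an ASA mirror: {no_asa}")
```

Run it against copies of both peers' crypto ACLs; an empty pair of lists means every entry has its mirror, and any entry listed is the one to fix on the named side before looking further into the tunnel itself.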