L2L VPN using port-specific ACLs

I am trying to build a VPN using port-specific ACLs from an ASA to a PIX and can only get one-way communication.

On the ASA side (running 7.2(2), inside IP 192.168.2.1) I have the following ACL bound to the VPN:

access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389

On the PIX (running 6.3(5), inside IP 10.1.2.1) I have:

access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389

ICMP works fine; both hosts can ping each other. The host behind the ASA can remote desktop to the host behind the PIX.

But here is the problem: the host behind the PIX cannot remote desktop to the host behind the ASA. When I try to RDP from the host behind the PIX to the host behind the ASA, the ACL on the PIX takes hits but the ACL on the ASA does not.

I can build ACLs using permit ip and it works fine, but I want to lock this VPN down to be port-specific so the hosts cannot communicate on each other's open ports. Any help will be appreciated.

jcle
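An IPsec LAN-to-LAN tunnel only passes traffic that matches the crypto ACL on both peers, so port-specific crypto ACLs have to be exact mirror images: each entry's source and destination hosts, and any eq port, must be swapped on the other side. The script below is an added example (not from the post or from Cisco) that parses the simple "host A [eq port] host B [eq port]" form used above and reports entries that lack a mirror, or generates the peer-side ACL from one side. It only understands that host form; the ACE_RE pattern, the Ace class and the function names are my own, and the sample input is the two ACLs copied from the post. Run against those, the check passes, which only confirms that the mirror property holds here and that the one-way behaviour must come from somewhere else.

```python
"""Mirror check for Cisco PIX/ASA crypto (VPN) access lists (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Handles only the 'host' form with an optional 'eq <port>' after either host,
# which is all the posted ACLs use. The ASA's 'extended' keyword is optional.
ACE_RE = re.compile(
    r"^\s*access-list\s+(?P<name>\S+)\s+(?:extended\s+)?(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\S+))?"
    r"\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\S+))?\s*$"
)


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: str
    sport: Optional[str]
    dst: str
    dport: Optional[str]

    def mirrored(self) -> "Ace":
        """The entry the remote peer needs: hosts and their ports swapped."""
        return Ace(self.action, self.proto, self.dst, self.dport, self.src, self.sport)

    def render(self, name: str, extended: bool) -> str:
        """Emit PIX 6.x syntax (extended=False) or ASA 7.x syntax (extended=True)."""
        parts = ["access-list", name]
        if extended:
            parts.append("extended")
        parts += [self.action, self.proto, "host", self.src]
        if self.sport:
            parts += ["eq", self.sport]
        parts += ["host", self.dst]
        if self.dport:
            parts += ["eq", self.dport]
        return " ".join(parts)


def parse_acl(text: str) -> List[Ace]:
    """Parse access-list lines; refuse any line this parser does not understand."""
    aces = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        m = ACE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported ACE syntax: {line.strip()}")
        aces.append(Ace(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"]))
    return aces


def unmirrored(local: List[Ace], remote: List[Ace]) -> Tuple[List[Ace], List[Ace]]:
    """Return (local entries with no mirror on remote, remote entries with no mirror on local)."""
    local_set, remote_set = set(local), set(remote)
    return (
        [a for a in local if a.mirrored() not in remote_set],
        [a for a in remote if a.mirrored() not in local_set],
    )


def mirror_acl(aces: List[Ace], name: str, extended: bool) -> List[str]:
    """Generate the peer-side ACL text that mirrors a given local ACL."""
    return [a.mirrored().render(name, extended) for a in aces]


# Sample input: the two ACLs exactly as posted (ASA 7.2(2) and PIX 6.3(5)).
ASA_ACL = """
access-list vpn extended permit tcp host 192.168.2.50 eq 3389 host 10.1.2.50
access-list vpn extended permit icmp host 192.168.2.50 host 10.1.2.50
access-list vpn extended permit tcp host 192.168.2.50 host 10.1.2.50 eq 3389
"""

PIX_ACL = """
access-list vpn permit tcp host 10.1.2.50 eq 3389 host 192.168.2.50
access-list vpn permit icmp host 10.1.2.50 host 192.168.2.50
access-list vpn permit tcp host 10.1.2.50 host 192.168.2.50 eq 3389
"""


if __name__ == "__main__":
    asa, pix = parse_acl(ASA_ACL), parse_acl(PIX_ACL)
    only_asa, only_pix = unmirrored(asa, pix)
    if not only_asa and not only_pix:
        print("ACLs are mirror images; the asymmetry lies elsewhere.")
    for a in only_asa:
        print("PIX is missing:", a.mirrored().render("vpn", extended=False))
    for a in only_pix:
        print("ASA is missing:", a.mirrored().render("vpn", extended=True))
```

If you maintain only one side by hand, mirror_acl() writes the other side for you, which avoids the typical mistake of putting the eq port on the wrong host when copying entries between the two syntaxes.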

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.