VPN ACL

17 years 5 months ago #21897 by skepticals
VPN ACL was created by skepticals
I am trying to add a new entry to an already existing ACL on an ASA 5510 and I am looking for some clarification:

Current entry I see:

access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192


I was told that the ASA is configured in such a way that VPN clients are assigned to the 10.3.254.0 network.

I need to allow Remote Desktop to host 1.2.3.4 from a VPN connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

Do I need a source and a destination port?

I am unsure about the order because of the address similarity. Any ideas? Thanks!
17 years 5 months ago #21900 by lomaree
Replied by lomaree on topic Re: VPN ACL

I need to allow Remote Desktop to host 1.2.3.4 from a VPN connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?


You want the VPN client to connect to this computer inside using Remote Desktop, right?

If that's the case, then it should be

access-list outside_inside extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

If you want to go for a port, then you should define "tcp" instead of "ip" in your ACL.

HTH
17 years 5 months ago #21919 by skepticals
Replied by skepticals on topic Re: VPN ACL
Thank you. I will give this a shot and see what happens.
17 years 5 months ago #21924 by skepticals
Replied by skepticals on topic Re: VPN ACL
This is what I entered:

access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389

It does not work. Did I do something wrong?
17 years 5 months ago #21925 by d_jabsd
Replied by d_jabsd on topic Re: VPN ACL
Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.
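To make the two points in this thread concrete (lomaree's: a port-specific permit needs a tcp entry in a separate ACL; d_jabsd's: the nat 0 exemption ACL only honors plain ip entries), here is an added Python checker that parses ASA extended ACEs, flags tcp/udp or port operators inside a nat0 ACL, and does a first-match lookup for an RDP flow from the VPN pool. It is example code, not from this thread or from Cisco. The sample lines are constructed to mirror the ones quoted above, and the set of nat0 ACL names is an assumption; on a real box you would take it from the nat 0 statement in the running config. Only the eq port operator is handled.

```python
import ipaddress
import re

# Constructed sample ACEs, modelled on the lines quoted in this thread (the existing
# nat0 exemption entry, the tcp-in-nat0 attempt that did not work, and the separate
# tcp/3389 entry lomaree proposed). They are not pulled from a real ASA.
SAMPLE_ACL_LINES = [
    "access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192",
    "access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389",
    "access-list outside_inside extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389",
]

# ACL names referenced by a 'nat (inside) 0 access-list ...' statement.
# Assumed for this example; on a real box read them from the running config.
NAT0_ACL_NAMES = {"inside_nat0_outbound"}

ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<rest>.+)$"
)


def _take_endpoint(tokens):
    """Consume one ASA address spec ('any', 'host A', or 'A MASK') plus an optional
    'eq PORT' operator. Returns (network, port_or_None, remaining_tokens)."""
    if tokens[0] == "any":
        net, tokens = ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    elif tokens[0] == "host":
        net, tokens = ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    else:
        # ASA writes dotted-decimal masks; ipaddress accepts "addr/netmask" directly.
        net, tokens = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]
    port = None
    if tokens and tokens[0] == "eq":
        port, tokens = int(tokens[1]), tokens[2:]
    return net, port, tokens


def parse_ace(line):
    """Parse one extended ACE into a dict. Only the 'eq' port operator is handled."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an extended ACE: {line!r}")
    src, src_port, rest = _take_endpoint(m.group("rest").split())
    dst, dst_port, rest = _take_endpoint(rest)
    if rest:
        raise ValueError(f"unparsed trailing tokens {rest} in {line!r}")
    return {
        "name": m.group("name"), "action": m.group("action"), "proto": m.group("proto"),
        "src": src, "src_port": src_port, "dst": dst, "dst_port": dst_port, "line": line,
    }


def nat0_problems(ace, nat0_acl_names=NAT0_ACL_NAMES):
    """Problems with an ACE that lives in a NAT-exemption ACL: per the thread, nat 0
    only works with plain 'ip' entries, so a protocol or port qualifier there is a bug."""
    problems = []
    if ace["name"] not in nat0_acl_names:
        return problems
    if ace["proto"] != "ip":
        problems.append(f"{ace['name']}: nat 0 exemption does not work with '{ace['proto']}' entries; use 'ip'")
    if ace["src_port"] is not None or ace["dst_port"] is not None:
        problems.append(f"{ace['name']}: port operators do not belong in a nat 0 exemption entry")
    return problems


def ace_matches(ace, src_ip, dst_ip, proto, dst_port=None):
    """True if the flow src_ip -> dst_ip (proto, dst_port) is covered by this ACE."""
    if ace["proto"] not in ("ip", proto):
        return False
    if ipaddress.ip_address(src_ip) not in ace["src"]:
        return False
    if ipaddress.ip_address(dst_ip) not in ace["dst"]:
        return False
    if ace["dst_port"] is not None and ace["dst_port"] != dst_port:
        return False
    return True


def first_match(aces, src_ip, dst_ip, proto, dst_port=None):
    """ACEs are evaluated top-down and the first match wins; return it or None."""
    for ace in aces:
        if ace_matches(ace, src_ip, dst_ip, proto, dst_port):
            return ace
    return None


def audit(lines, nat0_acl_names=NAT0_ACL_NAMES):
    """Map each line to the list of nat0 problems found (empty list = clean)."""
    return {line: nat0_problems(parse_ace(line), nat0_acl_names) for line in lines}


if __name__ == "__main__":
    for line, problems in audit(SAMPLE_ACL_LINES).items():
        print("OK  " if not problems else "BAD ", line)
        for p in problems:
            print("     ", p)
    rdp = [parse_ace(l) for l in SAMPLE_ACL_LINES if parse_ace(l)["name"] == "outside_inside"]
    hit = first_match(rdp, "10.3.254.10", "1.2.3.4", "tcp", 3389)
    print("RDP from a VPN client to 1.2.3.4:", "permitted" if hit else "no matching entry")
```

Running it marks the second sample line as BAD for both reasons the thread raises (tcp instead of ip, and an eq 3389 operator inside the nat0 ACL), leaves the original ip exemption and the separate outside_inside tcp entry clean, and confirms that a VPN-pool address reaching 1.2.3.4 on tcp/3389 hits the outside_inside entry while tcp/22 or udp/3389 does not.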
17 years 5 months ago #21926 by skepticals
Replied by skepticals on topic Re: VPN ACL

Using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip ACLs.

Good call.