VPN ACL

I am trying to add a new entry to an already existing ACL on an ASA 5510 and I am looking for some clarification:

Current entry I see:

access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 10.3.254.0 255.255.255.192

I was told that the ASA is configured in such a way that VPN clients are assigned to the 10.3.254.0 network.

I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

Do I need a source and a destination port?

I am unsure about the order because of the address similarity. Any ideas? Thanks!

I need to allow remote desktop to host 1.2.3.4 from a vpn connection. How would I do so? Something like: access-list inside_nat0_outbound extended permit ip 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389?

you want VPN client to connect to this computer inside using remote desktop, rite?

if that's the case then it should be

access-list outside_inside extended permit tcp 10.3.254.0. 255.255.255.0 host 1.2.3.4 eq 3389

if you want to go for port then should define "tcp" instead of "ip" in your acl.

HTH

Thank you. I will give this a shot and see what happens.

This is what I entered:[code:1]access-list inside_nat0_outbound extended permit tcp 10.3.254.0 255.255.255.0 host 1.2.3.4 eq 3389[/code:1]

It does not work. Did I do something wrong?

The using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip acls.

The using tcp or udp for nat_0 rules doesn't work with VPNs. It only works with ip acls.

Good call.