Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: port access to site to site VPN
Special Forums IP Networking port access to site to site VPN Post 302268342 by photon on Monday 15th of December 2008 12:19:57 PM
Old 12-15-2008
port access to site to site VPN
Setup a site to site VPN between two cisco routers.

One of the site locations is unable to access ports such as https://example.com:9001

How do I let them go into port 9001?

They can ssh, ftp, telnet and everything else.

Is this a VPN issue or ACL access issue?

I put
permit ip host 10.0.0.0 host 192.0.0.0

tried adding this
permit tcp host 10.0.0.3 host 192.0.0.5
but nothing

so they should be able to access???Smilie
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to check site access in shell script

Hello every one, I have a little issue that has been killing me now for the past couple of days, I have tried to find solutions online, but its been hard to, ok here it goes... I have created a site that is based on amount of user that have access at a time, based on cookie. So if the browser... (1 Reply)
Discussion started by: heman007
1 Replies

2. UNIX for Advanced & Expert Users

squid: Allow access to only one site and only via 80 or 443

Can someone please give me the conf file line to allow access to myexample.com and only that site, and only through http and https? So far I have only that site accessible via http, but all https sites are opened. Squid 3.1 on Cent 6 ---------- Post updated at 12:06 PM ---------- Previous... (0 Replies)
Discussion started by: glev2005
0 Replies

3. IP Networking

How to establish site to site vpn - Linux machine and cisco asa?

Hi, I am trying to establish vpn between my linux server and cisco asa at client side. I installed openswan on my cent os. Linux Server eth0 - 182.2.29.10 Gateway - 182.2.29.1 eth1 - 192.9.200.75 I have simple IPtables Like WAN="eth0" LAN="eth1" (0 Replies)
Discussion started by: ashokvpp
0 Replies

4. Red Hat

Want to unblock port for particular site

Dear All We have one Centos Server on Asterisk platform.We are trying to open one particular site from client machines which is our client portal.We have to upload data on that.When we trying to open that site somewhere its blocking and not opening.We did tracert and found one router down... (3 Replies)
Discussion started by: Vaibhav.T
3 Replies

5. IP Networking

VPN ssh access over RDP port?

Guys, Can I use an open RDP port to gain ssh access to my Linux server running the other side of our firewall? I work from home on the odd occasion, we only have RDP port 3389 available once logged into the VPN. I would rather ssh into my workstation without the need for a desktop display. ... (3 Replies)
Discussion started by: general_lee
3 Replies

6. IP Networking

iptables allow access to one site

Hi all I need help with a set of iptables rules that would allow a portion of a bank of ipaddresses acces to only one or two named wbsites. Please advise Thank You Ed (3 Replies)
Discussion started by: wa1ed
3 Replies

7. IP Networking

Does cisco 1921 router support site to site VPNs using IPSec?

Q: "Does Cisco 1921 router support,, act as an endpoint for, site to site VPNs using IPSec? If so, how many? " A: If you get the Cisco 1921/k9 with the security services bundle then it will have built in security features. Cisco, typically includes IP Sec tunnels I believe as part of that... (0 Replies)
Discussion started by: Ayaerlee
0 Replies

8. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

9. Post Here to Contact Site Administrators and Moderators

Regarding not able to access UNIX.com site

Hello MODs/Admins, Could you please help me here as from last 6 to 7 days I(and checked with my fellow friends too) am not able to access unix.com site at all. It is very very slow, it never loads completely. Even I checked with different people and different computers it results same only,... (8 Replies)
Discussion started by: RavinderSingh13
8 Replies

LEARN ABOUT DEBIAN

rapolicy

RAPOLICY(1)						      General Commands Manual						       RAPOLICY(1)

NAME

       rapolicy - compare a argus(8) data file/stream against a Cisco Access Control List.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       rapolicy -r argus-file [ra options]

DESCRIPTION

       Rapolicy reads argus data from an argus-file list, and tests the argus data stream  against a Cisco access control list configuration file,
       printing out records that represent activity that would violate the policy.  Rapolicy can be used to indicate access control violations, as
       well as test new access control definitions prior to installing them in a router.

OPTIONS

       Rapolicy, like all ra based clients, supports a large number of options.  Options that have specific meaning to rapolicy are:

	  -f <Cisco ACL file> Print records that violate the policy.
	  -D 0 (default)      Print records that violate the policy.
	  -D 1		      Print records and the violated ruleset.
	  -D 2		      Print all records and the ruleset that matched.

       See ra(1) for a complete description of ra options.

EXAMPLE INVOCATION

       rapolicy -r argus.file

CISCO ACL SYNTAX

       There  does  not  seem to be authoritative Cisco-ACL-Documentation, nor ACL syntax standardization.  Because Cisco has been know to improve
       its ACL rules syntax, rapolicy is known to work with Cisco ACL router defintions up to July, 2002.

       A Cisco ACL configuration file consists of a collection of any number of ACL statements, each on a separte line.   The  syntax  of  an  ACL
       statement is:

	  ACL	     = "access-list" ID ACTION PROTOCOL SRC DST NOTIFICATION

	  ID	     = Number
	  ACTION     = permit | deny
	  PROTO      = protocol name | protocol number

	  SRC | DST  = ADDRESS [PORTMATCH]

	  ADDRESS    = any | host HOSTADDR | HOSTADDR HOSTMASK
	  HOSTADDR   = ipV4 address
	  HOSTMASK   = matching-mask

	  PORTMATCH  = PORTOP PORTNUM | range PORTRANGE
	  PORTOP     = eq | lt | gt | neq | established

	  PORTRANGE  =	PORTNUM PORTNUM
	  PORTNUM    =	TCP or UDP port value (unsigned decimal from 0 to 65535)

EXAMPLE CONFIGURATION

       This  example  Cisco Access Control List configuration is provided as an example only.  No effort has been made to verify that this example
       Access Control List enforces a useful access control policy of any kind.

       #allow www-traffic to webserver
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 80

       #allow ftp control connection to server
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 21

       #allow normal ftp
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 20

       #allow ftp passive conncetions in portrange 10000 to 10500
       access-list 102 permit tcp any host 193.174.13.99 range 10000 10500

       #dummy example
       access-list 102 permit tcp host 193.174.13.1 eq 12345 host 193.174.13.2 range 12345 23456

       #deny the rest
       access-list 102 deny tcp any any

       #same thing in other words:
       access-list 102 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

AUTHORS

       Carter Bullard (carter@qosient.com).
       Olaf Gellert (gellert@pca.dfn.de).

SEE ALSO

       ra(1), rarc(5), argus(8)

								   22 July 2002 						       RAPOLICY(1)
All times are GMT -4. The time now is 12:40 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy