We inherited the management of an ASA 5520 running IOS 8.2(3) from a previous company, and now we are switching the connectivity to a VPN from a LAN link directly connected to one of the ASA interfaces.
Our skills on IOS are not very high.
While traffic through mainstream protocols (ssh, ftp, http...) flows seamlessly through the tunnel, all other traffic (e.g. rsync, NGINX on port 82...) is blocked. Needless to say, using the LAN link there are no issues.
We set a permit ip any for the traffic coming from the VPN.
Looking at documentation, we made a test and ran:
Asa(config)# sysopt connection permit-vpn
This allowed all traffic to flow, but as we have different customers connecting via VPN, we cannot keep this option active.
We checked all ASA logs, which are stored in a log server, but we could find no hints in them.
We tried to find a solution via online documentation from Cisco and we browsed user groups, with no luck.
We believe the solution is so trivial that no one ever experienced the problem without solving it in a snap.
Any hints about what to check are warmly welcome. Our running-config is huge, and we believe it is not useful to post it all, but we can post suggested chunks if asked.
It turned out there was an applied ACL that filtered ALL ports based on a list.
We found it and added the needed protocols to the list.
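
As an added illustration (not part of the original post, and not the poster's configuration), the following Python sketch audits a saved running-config for this situation: it finds which ACLs are actually bound with `access-group`, expands the TCP service object-group they reference, and reports whether a given port is on the list. The sample config and the names `VPN_IN`, `UNUSED` and `ALLOWED_TCP` are constructed; the check covers TCP only and ignores addresses, deny entries and ACE order.

```python
import re

# Constructed sample config, not from the original post; all names are hypothetical.
SAMPLE_CONFIG = """\
object-group service ALLOWED_TCP tcp
 port-object eq ssh
 port-object eq ftp
 port-object eq www
 port-object range 8000 8010
access-list VPN_IN extended permit tcp any any object-group ALLOWED_TCP
access-list UNUSED extended permit ip any any
access-group VPN_IN in interface outside
"""

NAMED_PORTS = {"ssh": 22, "ftp": 21, "www": 80, "https": 443}  # subset of ASA keywords

def _port(tok):
    return NAMED_PORTS.get(tok) or int(tok)

def parse_service_groups(config):
    """Map each 'object-group service NAME tcp' to a list of (low, high) ranges."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group service (\S+) tcp", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif not line.startswith(" "):
            current = None  # left the object-group block
        elif current is not None and line.strip().startswith("port-object"):
            args = line.split()[2:]  # 'eq P' gives [P]; 'range A B' gives [A, B]
            current.append((_port(args[0]), _port(args[-1])))
    return groups

def applied_acls(config):
    """Return {acl_name: interface} for ACLs bound with access-group."""
    return dict(re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M))

def tcp_port_permitted(config, port):
    """True if an applied ACL permits the TCP port (addresses, denies, order ignored)."""
    groups = parse_service_groups(config)
    for acl in applied_acls(config):
        pattern = rf"^access-list {re.escape(acl)} extended permit (.+)$"
        for ace in re.findall(pattern, config, re.M):
            toks = ace.split()
            if toks[0] == "ip":
                return True
            names = [toks[i + 1] for i, t in enumerate(toks[:-1]) if t == "object-group"]
            if toks[0] == "tcp" and any(lo <= port <= hi for n in names for lo, hi in groups.get(n, [])):
                return True
    return False
```

With the constructed sample, ports 22, 21 and 80 are reported as permitted while 82 and 873 (rsync) are not, even though a `permit ip any any` ACL exists, because that ACL is not the one bound to the interface.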