Need to allow inbound connection over TCP 9000

Unanswered Question

I am trying to configure an ASA5510 (v7.12) to allow an inbound connection over TCP port 9000. I have a web server on the inside that is listening on port 9000 (http://192.168.1.1:9000)


I have set up a static NAT:


static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255


and the access rule:


access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000


Clients on the inside can reach the web server, but those outside the firewall are getting an unable to connect error.


What am I missing? This should be really straightforward.

sureshkum Sun, 08/19/2007 - 23:45

Have you grouped the ACL in the outside interface? Have you placed the route?

rajatsetia Mon, 08/20/2007 - 02:44

Hi,


Check what sureshkum has stated. Also try this ...


access-list outside_in extended permit tcp any host 192.168.1.1 eq 9000


Best thing is to check the logs to get a clear picture of your problem.


Logs will tell you if the problem is related to NAT or the access list.


HTH


rgds


purohit_810 Mon, 08/20/2007 - 04:28

Hi,


Have you implemented the same access-list on the OUTSIDE interface?


NAT seems to be configured fine.



Ex:


access-group OUTSIDE_IN in interface outside



Regards,

Dharmesh Purohit

rigoberto.cintr... Mon, 08/20/2007 - 11:07

Check if you used the correct name in the ACL.


Example


Your acl:


access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000



Default acl name when you use the ASDM:


access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 9000
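
As an added example (not part of any reply in this thread, and not Cisco tooling): a small Python check for the condition the replies point at, an access-list whose name is not the one an access-group applies to the interface. The sample config is constructed from the lines quoted above plus a made-up access-group line, and comparing names case-sensitively is an assumption of the example.

```python
import re

# Constructed sample: the static and access-list lines are the ones quoted in
# the thread; the access-group line is made up to show a name mismatch.
SAMPLE_CONFIG = """\
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
access-group outside_access_in in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(?:permit|deny)\s")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")


def audit_acl_bindings(config_text):
    """Return (kind, acl_name, detail) findings for ACL/access-group mismatches."""
    acls = set()    # ACL names that have at least one extended entry
    bindings = {}   # (interface, direction) -> ACL name from access-group
    for raw in config_text.splitlines():
        line = raw.strip()
        acl = ACL_RE.match(line)
        group = GROUP_RE.match(line)
        if acl:
            acls.add(acl.group(1))
        elif group:
            bindings[(group.group(3), group.group(2))] = group.group(1)

    findings = []
    bound = set(bindings.values())
    # ACL entries exist but no interface applies them: the rule never takes effect.
    for name in sorted(acls - bound):
        findings.append(("unbound-acl", name, ""))
    # access-group points at a name with no entries (assumption of this
    # example: names are compared case-sensitively, as typed).
    for (iface, direction), name in sorted(bindings.items()):
        if name not in acls:
            near = [a for a in sorted(acls) if a.lower() == name.lower()]
            hint = f"; differs only by case from {near[0]}" if near else ""
            findings.append(("missing-acl", name, f"{iface} {direction}{hint}"))
    return findings


if __name__ == "__main__":
    for finding in audit_acl_bindings(SAMPLE_CONFIG):
        print(finding)
```

An empty result means every access-list in the text is applied by some access-group and every access-group names an access-list that exists.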

