
Need to allow inbound connection over TCP 9000

tom.brockman
Level 1

I am trying to configure an ASA5510 (v7.12) to allow an inbound connection over TCP port 9000. I have a web server on the inside that is listening on port 9000 (http://192.168.1.1:9000).

I have set up a static NAT:

static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255

and the access rule:

access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000

Clients on the inside can reach the web server, but those outside the firewall are getting an unable to connect error.

What am I missing? This should be really straightforward.

5 Replies

sureshkum
Level 1

Have you grouped the ACL in the outside interface? Have you placed the route?

Hi,

Check what sureshkum has stated. Also try this:

access-list outside_in extended permit tcp any host 192.168.1.1 eq 9000

The best thing is to check the logs to get a clear picture of your problem.

Logs will tell you if the problem is related to NAT or the access list.

HTH

rgds

purohit_810
Level 5

Hi,

Have you implemented the same access-list on the OUTSIDE interface?

NAT seems to be configured fine.

Ex:

access-group OUTSIDE_IN in interface outside

Regards,

Dharmesh Purohit

Check if you used the correct name in ACL.

Example

Your acl:

access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000

Default acl name when you use the ASDM:

access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 9000

I figured this out. It was an internal routing issue. Thanks for your help.
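
The configuration checks suggested in the replies (is an ACL applied inbound on the outside interface, and is the permit rule in the ACL that is actually applied) can be run against a saved config. This is an added example, not part of the original thread: `check_inbound` and `SAMPLE_CONFIG` are hypothetical names, the sample config is constructed from the two lines quoted in the question, and the check assumes the ACL destination is the mapped address, as in the question's rule.

```python
import re

# Constructed sample: the static NAT and ACL from the question, with no access-group line.
SAMPLE_CONFIG = """\
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
"""

# One-to-one static as written in the thread: static (real_if,mapped_if) mapped_ip real_ip
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def check_inbound(config, port):
    """Return findings for inbound TCP `port` to each one-to-one static NAT in `config`."""
    statics, acls, groups = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())            # (real_if, mapped_if, mapped_ip, real_ip)
        elif m := ACL_RE.match(line):
            acls.append((m.group(1), m.group(2), int(m.group(3))))
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)       # interface name -> applied ACL name
    findings = []
    for _real_if, mapped_if, mapped_ip, _real_ip in statics:
        bound = groups.get(mapped_if)
        if bound is None:
            findings.append(f"no access-group applied inbound on interface {mapped_if}")
            continue
        if any(a == (bound, mapped_ip, port) for a in acls):
            continue                              # rule exists in the applied ACL
        # Names are compared exactly as written in the config.
        named = sorted({a[0] for a in acls if a[1:] == (mapped_ip, port)})
        if named:
            findings.append(f"permit for {mapped_ip}:{port} is in {named}, "
                            f"but {mapped_if} uses ACL {bound}")
        else:
            findings.append(f"no permit for tcp {mapped_ip} eq {port} in ACL {bound}")
    return findings


if __name__ == "__main__":
    print(check_inbound(SAMPLE_CONFIG, 9000))
```

A clean result only covers the firewall configuration; it says nothing about routing between the ASA and the inside server.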
