08-19-2007 10:24 PM - edited 03-11-2019 03:59 AM
I am trying to configure an ASA5510 (v7.12) to allow an inbound connection over TCP port 9000. I have a web server on the inside that is listening on port 9000 (http://192.168.1.1:9000)
I have set up a static NAT:
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
and the access rule:
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
Clients on the inside can reach the web server, but those outside the firewall are getting an unable to connect error.
What am I missing? This should be really straightforward.
08-19-2007 11:45 PM
Have you grouped the ACL in the outside interface? Have you placed the route?
08-20-2007 02:44 AM
Hi,
Check what sureshkum has stated. Also try this:
access-list outside_in extended permit tcp any host 192.168.1.1 eq 9000
The best thing is to check the logs to get a clear picture of your problem.
The logs will tell you if the problem is related to NAT or the access list.
HTH
rgds
08-20-2007 04:28 AM
Hi,
Have you implemented the same access-list on the OUTSIDE interface?
NAT seems to be configured fine.
Ex:
access-group OUTSIDE_IN in interface outside
Regards,
Dharmesh Purohit
08-20-2007 11:07 AM
Check if you used the correct name in ACL.
Example
Your acl:
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
Default acl name when you use the ASDM:
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 9000
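The checks suggested in the replies above (an access-group bound to the outside interface, and an ACL name that matches it), written as an added example that is not part of the thread: a Python script run over a constructed config. The function name check_inbound and the sample lines are assumptions; the mapped-address check assumes pre-8.3 ASA behaviour, where the interface ACL is matched against the translated address.

```python
import re

# Constructed sample config (not from the poster's device): the ACL is
# defined as outside_in, but the interface is bound to outside_access_in.
SAMPLE = """\
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
access-group outside_access_in in interface outside
"""

# Only the statement forms quoted in the thread are parsed.
ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\d+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$")


def check_inbound(config, iface, port):
    """Return findings that explain why inbound tcp/port on iface may fail."""
    acls, bound, mapped = {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), int(m.group(3))))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)
        elif m := STATIC_RE.match(line):
            if m.group(2) == iface:
                mapped.add(m.group(3))  # address as seen from iface
    findings = []
    name = bound.get(iface)  # ACL names are compared exactly, case included
    if name is None:
        findings.append(f"no access-group bound inbound on {iface}")
    elif name not in acls:
        findings.append(f"access-group references {name}, but no such ACL; defined: {sorted(acls)}")
    else:
        hosts = {h for h, p in acls[name] if p == port}
        if not hosts:
            findings.append(f"ACL {name} has no permit for tcp/{port}")
        elif mapped and not hosts & mapped:
            # Assumption: pre-8.3 semantics (ACL matches the mapped address).
            findings.append(f"ACL {name} permits {sorted(hosts)}, not a static mapped address {sorted(mapped)}")
    return findings


if __name__ == "__main__":
    for finding in check_inbound(SAMPLE, "outside", 9000):
        print(finding)
```

An empty result only means the ACL, access-group and static lines are consistent with each other; routing is outside what this script looks at.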
08-20-2007 11:11 AM
I figured this out. It was an internal routing issue. Thanks for your help.