I can't seem to get incoming traffic past the implicit outside rule.
I've configured the static route and access-list below, which I hope means any source TCP address can get through the outside interface on port 1997 only, and the static NAT sends the traffic to an IP in the DMZ zone.
static (dmz,outside) 192.168.18.5 192.168.2.2 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 192.168.18.5 eq 1997
access-group outside_access_in in interface outside
However, I can't seem to get through. When I run packet filter it gets stopped by the outside implicit deny all rule.
Logging shows the below:
%ASA-7-710005: TCP request discarded from 192.168.18.254/3049 to outside:192.168.18.5/1997
And as you can see from my access-list, my explicitly configured rules are getting zero hit counts, as everything seems to be getting caught by the implicit deny rule.
mipsasa01# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list outside_access_in; 1 elements
access-list outside_access_in line 1 extended permit tcp any host 192.168.18.5 eq 1997 (hitcnt=0) 0xdea97d0
Why is all outside traffic hitting the explicit deny rule instead of my explicit permit rule?
In despair I changed my access rule to permit all tcp traffic on all ports and it still didn't get through.
Packetnet dropped the packet with the implicit deny rule and logging showed the discarded message.
Any ideas at all would be appreciated.