I hope that I am describing my issue correctly:
I am getting errors that incoming packets are dropped because of access list "outside_access_in".
But I can't for the life of me figure it out.
I am pretty sure this used to work.
For example, we use NetMotion, and that server is on the inside @ 192.168.123.160 using port 5008, which I have PATted from the outside interface.
But when a client on the outside attempts to access it, I get the 106023 error: "Deny udp src outside:220.127.116.11/1269 dst inside:xx.xx.xx.xxx/5008 by access-group "outside_access_in" [0x0, 0x0]"
My external IP is DHCP from the ISP which is what shows at the above xx.xx.xx.xxx address.
Please, any pointers would be greatly appreciated.
I think the below ACL entry is not correct:
access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008
It should allow access to the OUTSIDE INTERFACE as below:
access-list outside_access_in extended permit udp any interface outside eq 5008
Similar entries should be added for any device being port forwarded by the external interface of the firewall.
The client on the outside of the firewall should be pointing to the External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008.
I hope it helps... please rate helpful posts.
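The mismatch discussed in this thread can be checked offline. The following is an added example, not part of either post: it parses a 106023 deny line and tests the two ACL entries quoted above against the destination the log reports. The address 203.0.113.10 is a constructed stand-in for the masked outside address, and the function names are hypothetical; it assumes the access-group compares against the destination exactly as the log line shows it.

```python
import ipaddress
import re

# 106023 layout as quoted in the question.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')

# Only the ACE shape used in this thread: permit <proto> any <dest> eq <port>.
ACE_RE = re.compile(
    r'access-list (?P<acl>\S+) extended permit (?P<proto>\w+) any '
    r'(?:host (?P<host>[\d.]+)|interface (?P<ifname>\S+)) eq (?P<port>\d+)')

OUTSIDE_IP = "203.0.113.10"  # constructed stand-in for the masked xx.xx.xx.xxx
SAMPLE_LOG = ('Deny udp src outside:220.127.116.11/1269 '
              'dst inside:203.0.113.10/5008 '
              'by access-group "outside_access_in" [0x0, 0x0]')  # constructed
HOST_ACE = ("access-list outside_access_in extended permit udp any "
            "host 192.168.123.160 eq 5008")
IFACE_ACE = ("access-list outside_access_in extended permit udp any "
             "interface outside eq 5008")


def parse_deny(line):
    """Return the fields of a 106023 deny message, or None if it does not match."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def ace_matches(ace_line, deny, interface_ips):
    """True if the ACE would permit the packet as the deny line reports it.

    interface_ips maps an interface name to its current address (assumed known,
    e.g. read from the firewall, since the outside address here is DHCP).
    """
    m = ACE_RE.fullmatch(ace_line.strip())
    if not m or m["acl"] != deny["acl"] or m["proto"] != deny["proto"]:
        return False
    if m["port"] != deny["dport"]:
        return False
    dest = m["host"] or interface_ips.get(m["ifname"])
    if dest is None:
        return False
    return ipaddress.ip_address(dest) == ipaddress.ip_address(deny["dip"])


def check(log_line, aces, interface_ips):
    """Map each ACE to whether it matches the denied packet."""
    deny = parse_deny(log_line)
    return {ace: bool(deny) and ace_matches(ace, deny, interface_ips) for ace in aces}
```

Calling `check(SAMPLE_LOG, [HOST_ACE, IFACE_ACE], {"outside": OUTSIDE_IP})` shows which entry lines up with the destination in the deny message.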