ASA5505 giving error 106023

dirkmelvin
Level 1

I hope that I am describing my issue correctly:

I am getting errors that incoming packets are dropped because of access list "outside_access_in"

But I can't for the life of me figure it out.

I am pretty sure this used to work.

For example we use netmotion and that server is on the inside @ 192.168.123.160 using port 5008 which I have PATted from the outside interface.

But when a client on the outside attempts to access it, I get the 106023 error: "Deny udp src outside:65.64.221.202/1269 dst inside:xx.xx.xx.xxx/5008 by access-group "outside_access_in" [0x0, 0x0]"

My external IP is DHCP from the ISP which is what shows at the above xx.xx.xx.xxx address.

Please, any pointers would be greatly appreciated.

1 Accepted Solution

Fernando_Meza
Level 7

Hi ..

I think the below ACL entry is not correct

access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008

it should allow access to the OUTSIDE INTERFACE as below

access-list outside_access_in extended permit udp any interface outside eq 5008

Similar entries should be added for any device being port forwarded by the external interface of the firewall.

The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008

I hope it helps .. please rate helpful posts.
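
The mismatch described in the accepted answer, as an added example that is not part of the original thread and is not ASA code: a small Python matcher that parses the 106023 deny message and tests both ACL entries against the logged destination. It assumes the ACL is compared with the destination address shown in the log; `OUTSIDE_IP` is a constructed stand-in for the masked xx.xx.xx.xxx address, and all function names are hypothetical.

```python
import ipaddress
import re

OUTSIDE_IP = "203.0.113.10"  # constructed stand-in for the masked xx.xx.xx.xxx address
# The deny message from the question, with the masked address filled by the stand-in.
LOG = ('Deny udp src outside:65.64.221.202/1269 dst inside:' + OUTSIDE_IP +
       '/5008 by access-group "outside_access_in" [0x0, 0x0]')
OLD_ACE = "access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008"
NEW_ACE = "access-list outside_access_in extended permit udp any interface outside eq 5008"

DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')
# Only the two ACE shapes quoted in the thread: source "any", destination host or interface.
ACE_RE = re.compile(
    r'access-list (?P<acl>\S+) extended permit (?P<proto>\w+) any '
    r'(?:host (?P<host>[\d.]+)|interface (?P<ifc>\S+)) eq (?P<port>\d+)$')


def parse_deny(line):
    """Return the fields of a 106023 deny message as a dict, or None."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None


def ace_permits(ace_line, pkt, interface_ips):
    """True if the permit ACE matches the denied packet's ACL, protocol, dst and port."""
    m = ACE_RE.match(ace_line.strip())
    if not m or m["acl"] != pkt["acl"] or m["proto"] != pkt["proto"]:
        return False
    if m["port"] != pkt["dport"]:
        return False
    # "interface <name>" stands for that interface's current address; "host" is literal.
    want = interface_ips.get(m["ifc"]) if m["ifc"] else m["host"]
    return want is not None and ipaddress.ip_address(want) == ipaddress.ip_address(pkt["dip"])


def check(log=LOG):
    """Evaluate both ACEs from the thread against the logged packet."""
    pkt = parse_deny(log)
    ips = {"outside": OUTSIDE_IP}
    return {"old": ace_permits(OLD_ACE, pkt, ips), "new": ace_permits(NEW_ACE, pkt, ips)}


if __name__ == "__main__":
    print(check())  # {'old': False, 'new': True}
```

Because the `interface outside` form resolves to whatever address the interface currently holds, the entry keeps matching when the ISP's DHCP lease changes.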

4 Replies

I have implemented it as of now. I will let you know how it works out. Thank you for your input.

Sorry, I practically forgot about this post.

It did indeed solve my issue. Thank you so much!
