ASA 5505

Unanswered Question
Oct 14th, 2008
User Badges:

I would like to have a device on my network accessable from the outside world through ANY port


i have tried using the cmd lines below but with no luck...


access-list outside_access_in extended permit tcp any host 1.2.3.4



access-list outside_access_in extended permit tcp any host 1.2.3.4 eq any


anyone have any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 10/14/2008 - 09:33
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Have you setup Nat for this host ? eg.


static (inside,outside)


Jon



suschoud Tue, 10/14/2008 - 12:46
User Badges:
  • Gold, 750 points or more

is the " access-g outside_access_in in interface outside " in place ?



Regards,

Sushil

suschoud Tue, 10/14/2008 - 13:07
User Badges:
  • Gold, 750 points or more

an access list is of no use till the time it is applied on an interface.



through " access-group " command we apply an access list on an interface.



PLease add the command from my previous post...should work.



Do rate helpful posts.



Regards,

Sushil

JORGE RODRIGUEZ Tue, 10/14/2008 - 13:18
User Badges:
  • Green, 3000 points or more

In addition to placing the access-group couple of things you may want to check in the event that you already have access-group outside_access_in in interface outside statement in firewall and still no connection.


1-Make sure the server does not have any firewall of its own enable


2- Make sure the server does indeed listen on ports intended, example lets say port 80 for web, or SSL, telnet, ftp etc..


3- do a telnet test towards the server pub ip from an outside host if you can on the ports the server is listening on.


c:\telnet

look at the logs on asdm see what it tells you while you try connection from the outside.


Rgds

Jorge


Actions

This Discussion