ASA 5505

Unanswered Question
Oct 14th, 2008
User Badges:

I would like to have a device on my network accessable from the outside world through ANY port

i have tried using the cmd lines below but with no luck...

access-list outside_access_in extended permit tcp any host

access-list outside_access_in extended permit tcp any host eq any

anyone have any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 10/14/2008 - 09:33
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Have you setup Nat for this host ? eg.

static (inside,outside)


suschoud Tue, 10/14/2008 - 12:46
User Badges:
  • Gold, 750 points or more

is the " access-g outside_access_in in interface outside " in place ?



suschoud Tue, 10/14/2008 - 13:07
User Badges:
  • Gold, 750 points or more

an access list is of no use till the time it is applied on an interface.

through " access-group " command we apply an access list on an interface.

PLease add the command from my previous post...should work.

Do rate helpful posts.



JORGE RODRIGUEZ Tue, 10/14/2008 - 13:18
User Badges:
  • Green, 3000 points or more

In addition to placing the access-group couple of things you may want to check in the event that you already have access-group outside_access_in in interface outside statement in firewall and still no connection.

1-Make sure the server does not have any firewall of its own enable

2- Make sure the server does indeed listen on ports intended, example lets say port 80 for web, or SSL, telnet, ftp etc..

3- do a telnet test towards the server pub ip from an outside host if you can on the ports the server is listening on.


look at the logs on asdm see what it tells you while you try connection from the outside.




This Discussion