acl

Unanswered Question
Aug 19th, 2009

Dear Sir,

The following ACL is applied to the ASA inside interface.

access-list 100 permit tcp host 192.168.0.1 any eq 5017

access-list 100 deny ip any any

access-group 100 in interface inside

Netstat in the Windows command prompt shows that the connection on that port is initiated through the firewall, but the return traffic is being blocked.

I learnt that TCP traffic is subject to stateful inspection, which means that return traffic is always allowed for TCP.

Why is the return traffic being blocked? What can I do?


Thanks.

Jon Marshall Wed, 08/19/2009 - 11:01

So you are trying to connect from 192.168.0.1 to any address on port 5017?


What is port 5017, i.e. what application?


Could you post the ASA config?


Jon

kolawole1 Thu, 08/20/2009 - 00:34

The application is netstream; it connects to some satellites and collects information.


Thank you.
