I have an ASA5520 and need to allow users to connect to the inside network (and some users to the management network if possible), using the VPN client. I went through the wizard on the ASDM and created an access control list for the ports used by the VPN client. When checking the logs, it tends to say that the access to the port is denied by the outside interface. Using the packet trace feature, it fails on my implicit deny all for the outside interface, even though I specifically gave access on those ports. Could this be a group policy issue, or some other feature not being set up properly?
Here is what I'm allowing:
object-group service DM_INLINE_SERVICE_4
 service-object tcp-udp eq 10000
 service-object udp eq isakmp
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any host IP1
This is what I see on the log:
|2||Apr 06 2010||11:29:20||106006||10.10.101.28||4765||IP1||500||Deny inbound UDP from 10.10.101.28/4765 to IP1/500 on interface outside|