We have an ASA 5515 and we have a pretty basic setup, one ousite interface, one inside. We have a remote DVR setup at a location, we need to view the DVR through viewing software that communicates to the DVR over port 2000.
I setup an access list to allow all outside traffic over tcp/2000 through to an entire vlan:
access-list outside-in extended permit tcp any 192.168.6.0 255.255.255.0 eq 2000
It still seems to be blocking all port 2000 traffic, do I need to setup a NAT from the outside interface to this vlan?
To be honest its a pretty basic configuration and the TCP/2000 connection should pass.
Only thing I can think of is that the port TCP/2000 is typically used to my understanding by VOIP Phones
|2000||TCP||UDP||Cisco SCCP (Skinny)|
So I am wondering if the "inspect skinny" is causing the traffic to drop?
If you dont have need for the "inspect skinny", remove it from the
description Net Flow