access-list inside-access-in denied tcp Inside/10.120.102.40(8089) on ASA5520

This is the syslog error message I get when I am trying to access a corporate server on port 1521 from my host machine:
Sep 26 18:41:26 10.0.5.4 local4:info Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.120.102.40(8089)

The 10.120.102.40 is a Splunk server.
Sort of a newbie to ASA firewall.
Made the changes on the firewall in inside-access-in; checked the ACLs in my router too; keep getting the same error message even after the changes.
Suggestions, folks?



Thanks,
Arjun

2 REPLIES

Hi,

 

Is that the full log message? Seems kind of strange or missing part of the information.

 

Can you share with us the output of the following commands?

 

show run access-list inside-access-in

Or if you are using "object-group" in the ACL

 

show access-list inside-access-in

 

And also the following

 

show run access-group

 

- Jouni


I had a similar issue with a similar syntax.

 

access-list inside_access_in denied tcp inside/10.1.1.1(51479) -> internal/10.2.2.2(37782) hit-cnt 2 300-second interval [0xdfee5926, 0x842aed20]

 

It turned out the range allowed in the rule was not including all of the random high ports the server needed (Exchange). Original was 49152 to 65535 and we changed it to 1024 to 65535. I know this seems exaggerated but Exchange is quite needy.

Seems like the random port was falling out of the range in the middle of the session and was not showing as a "normal" denied port.

 

Hope this helps somebody.

 

Cheers

V
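
An added example, not part of any post in this thread: a small parser for the two 106100 lines quoted above that reports when the destination is missing from a message and checks a logged destination port against the two port ranges mentioned in the last reply. The function and constant names are hypothetical, and it assumes the rule's port range applies to the destination port.

```python
import re

# Log lines copied from the thread above. The first is cut off after the
# source; the second is complete.
FIRST_POST_LINE = ("Sep 26 18:41:26 10.0.5.4 local4:info Sep 26 2014 18:41:25: "
                   "%ASA-6-106100: access-list inside-access-in denied tcp "
                   "Inside/10.120.102.40(8089)")
REPLY_LINE = ("access-list inside_access_in denied tcp inside/10.1.1.1(51479) -> "
              "internal/10.2.2.2(37782) hit-cnt 2 300-second interval "
              "[0xdfee5926, 0x842aed20]")
# Port ranges quoted in the last reply (before and after the rule change).
ORIGINAL_RANGE = (49152, 65535)
WIDENED_RANGE = (1024, 65535)

# The "-> destination" and "hit-cnt" parts are optional so truncated lines parse.
LOG_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<verdict>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/\s]+)/(?P<src_ip>[^\s(]+)\((?P<src_port>\d+)\)"
    r"(?: -> (?P<dst_if>[^/\s]+)/(?P<dst_ip>[^\s(]+)\((?P<dst_port>\d+)\))?"
    r"(?: hit-cnt (?P<hits>\d+))?")

def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "hits"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["truncated"] = rec["dst_port"] is None
    return rec

def classify_deny(rec, permitted_ports):
    """Compare a denied record's destination port with a rule's port range.
    Assumption: the rule's range applies to the destination port."""
    if rec is None or rec["verdict"] != "denied":
        return "not-a-deny"
    if rec["truncated"]:
        return "incomplete"      # no destination logged: ask for the full message
    low, high = permitted_ports
    return "in-range" if low <= rec["dst_port"] <= high else "out-of-range"

if __name__ == "__main__":
    for line in (FIRST_POST_LINE, REPLY_LINE):
        rec = parse_106100(line)
        print(rec["acl"], rec["dst_port"],
              classify_deny(rec, ORIGINAL_RANGE), classify_deny(rec, WIDENED_RANGE))
```
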
