New Member

access-list inside-access-in denied tcp Inside/ on ASA5520

This is the syslog error message I get when I am trying to access a corporate server on port 1521 from my host machine:
Sep 26 18:41:26 local4:info Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/

This is a Splunk server.
Sort of a newbie to ASA firewall.
Made the changes on the firewall in inside-access-in; checked the ACLs in my router too; keep getting the same error message even after the changes.
Suggestions, folks?


Super Bronze

Hi,



Is that the full log message? Seems kind of strange or missing part of the information.


Can you share with us the output of the following commands


show run access-list inside-access-in

Or if you are using "object-group" in the ACL


show access-list inside-access-in


And also the following


show run access-group


- Jouni

New Member

I had a similar issue with a similar syntax.


access-list inside_access_in denied tcp inside/ -> internal/ hit-cnt 2 300-second interval [0xdfee5926, 0x842aed20]


It turned out the range allowed in the rule was not including all of the random high ports the server needed (Exchange). Original was 49152 to 65535 and we changed it to 1024 to 65535. I know this seems exaggerated but Exchange is quite needy.

Seems like the random port was falling out of the range in the middle of the session and was not showing as a "normal" denied port.


Hope this helps somebody.
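
The port-range check described in the last reply, as an added example that is not part of the original thread: it parses full %ASA-6-106100 lines and splits denied destination ports into those inside and outside the range an ACL rule permits. The function names, the sample log lines and their documentation-range addresses are constructed for illustration; a truncated message like the one in the first post is counted as unparsed rather than guessed at.

```python
import re
from collections import Counter

# Assumed field layout of a complete %ASA-6-106100 message:
#   access-list <acl> <action> <proto> <if>/<ip>(<port>) -> <if>/<ip>(<port>) hit-cnt <n> ...
# An optional parenthesised field directly after each port is tolerated.
MSG = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) [^/\s]+/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\)(?:\([^)]*\))? -> "
    r"[^/\s]+/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\)(?:\([^)]*\))? hit-cnt (?P<hits>\d+)"
)

def parse_106100(line):
    """Return the message fields as a dict, or None if the line is incomplete."""
    m = MSG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "hits"):
        rec[key] = int(rec[key])
    return rec

def denied_ports_vs_range(lines, acl, low, high):
    """Sum hit counts of denied flows on `acl` per destination port.

    Ports outside [low, high] are not covered by the permit rule's range.
    Ports inside it were denied for some other reason (addresses, rule order).
    """
    inside, outside, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_106100(line)
        if rec is None:
            unparsed += 1
        elif rec["acl"] == acl and rec["action"] == "denied":
            bucket = inside if low <= rec["dst_port"] <= high else outside
            bucket[rec["dst_port"]] += rec["hits"]
    return inside, outside, unparsed

# Constructed sample lines (addresses from documentation ranges, hash codes made up).
P = "Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside_access_in "
SAMPLE = [
    P + "denied tcp inside/192.0.2.10(50122) -> internal/198.51.100.20(6001) hit-cnt 2 300-second interval [0x1, 0x0]",
    P + "denied tcp inside/192.0.2.10(50130) -> internal/198.51.100.30(1521) hit-cnt 1 first hit [0x1, 0x0]",
    P + "denied tcp inside/192.0.2.11(40000) -> internal/198.51.100.20(50500) hit-cnt 3 300-second interval [0x2, 0x0]",
    P + "permitted tcp inside/192.0.2.10(50140) -> internal/198.51.100.20(55000) hit-cnt 1 first hit [0x3, 0x0]",
    "Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/",
]

if __name__ == "__main__":
    for low, high in ((49152, 65535), (1024, 65535)):
        print((low, high), denied_ports_vs_range(SAMPLE, "inside_access_in", low, high))
```
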