access-list inside-access-in denied tcp Inside/10.120.102.40(8089) on ASA5520
This is the syslog error message I get when I am trying to access a corporate server on port 1521 from my host machine:
Sep 26 18:41:26 10.0.5.4 local4:info Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.120.102.40(8089)
The 10.120.102.40 is a Splunk server. Sort of a newbie to ASA firewall. Made the changes on the firewall in inside-access-in; checked the ACLs in my router too; keep getting the same error message even after the changes. Suggestions, folks?
It turned out the range allowed in the rule was not including all of the random high ports the server needed (Exchange). Original was 49152 to 65535 and we changed it to 1024 to 65535. I know this seems exaggerated but Exchange is quite needy.
Seems like the random port was falling out of the range in the middle of the session and was not showing as a "normal" denied port.
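Added example, not part of the thread: a small Python parser for %ASA-6-106100 lines that lists which denied destination ports a permitted range fails to cover, using the two ranges from the answer above. The sample log lines, the 10.0.0.5 and 192.0.2.10 addresses and the helper names are constructed, and the regex assumes the usual `source -> destination` layout of this message.

```python
import re
from collections import Counter

# %ASA-6-106100 layout up to the destination endpoint:
# access-list <acl> <action> <proto> <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt ...
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\)(?:\([^)]*\))? -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\)"
)

OLD_RANGE = range(49152, 65536)  # range from the answer, before the change
NEW_RANGE = range(1024, 65536)   # range from the answer, after the change

# Constructed sample lines (addresses are placeholders). The last one is the
# truncated line from the question, which carries no destination endpoint.
SAMPLE_LOGS = """\
Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.0.0.5(51515) -> Outside/192.0.2.10(6001) hit-cnt 1 first hit
Sep 26 2014 18:41:27: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.0.0.5(51516) -> Outside/192.0.2.10(6001) hit-cnt 1 first hit
Sep 26 2014 18:41:30: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.0.0.5(51517) -> Outside/192.0.2.10(30211) hit-cnt 1 first hit
Sep 26 2014 18:41:31: %ASA-6-106100: access-list inside-access-in permitted tcp Inside/10.0.0.5(51518) -> Outside/192.0.2.10(50000) hit-cnt 1 first hit
Sep 26 2014 18:41:33: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.0.0.5(51519) -> Outside/192.0.2.10(135) hit-cnt 1 first hit
Sep 26 2014 18:41:25: %ASA-6-106100: access-list inside-access-in denied tcp Inside/10.120.102.40(8089)
"""

def parse(line):
    """Return the fields of a 106100 message, or None if the line is incomplete."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["src_port"] = int(event["src_port"])
    event["dst_port"] = int(event["dst_port"])
    return event

def denied_outside_range(lines, acl, allowed):
    """Count denied destination ports on `acl` that `allowed` does not cover."""
    misses = Counter()
    for event in filter(None, map(parse, lines)):
        if event["acl"] == acl and event["action"] == "denied" \
                and event["dst_port"] not in allowed:
            misses[event["dst_port"]] += 1
    return misses

if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    for name, rng in (("old", OLD_RANGE), ("new", NEW_RANGE)):
        print(name, dict(denied_outside_range(lines, "inside-access-in", rng)))
```

Ports that still appear under the wider range are being denied for a reason other than the port range, so they need a separate look at the rule.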