Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5505 Anyconnect clients cannot access Slingbox

I'm trying to configure an ASA 5505 to view my Slingbox from my iPhone/iPad from an outside or 3G network.  I can't ping my internal networks while connected via AnyConnect.  I know that I need to free up port 5001, but I can't seem to get it to work.  Any help would be appreciated. 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.03.27 20:41:32 =~=~=~=~=~=~=~=~=~=~=~=

sh run

: Saved


ASA Version 8.4(2)


hostname ciscoasa

enable password xxxxxxxxx encrypted

passwd xxxxxxxx encrypted



interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute


banner motd

banner motd +...................................................-+

banner motd |                                                    |

banner motd |   *** Unauthorized Use or Access Prohibited ***    |

banner motd |                                                    |

banner motd |        For Authorized Official Use Only            |

banner motd | You must have explicit permission to access or     |

banner motd | configure this device. All activities performed    |

banner motd | on this device will be logged, and violations of   |

banner motd | this policy may result in disciplinary action, and |

banner motd | may be reported to law enforcement authorities.    |

banner motd |                                                    |

banner motd |   There is no right to privacy on this device.     |

banner motd |                                                    |

banner motd +...................................................-+

ftp mode passive

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object network INSIDE-HOSTS


object network AnyConnect-INET


object-group service Slingbox

service-object tcp destination eq 5001

service-object tcp destination eq 5002

service-object tcp destination eq 5003

service-object tcp destination eq 5004

service-object tcp destination eq 5005

access-list Internet_IN extended permit icmp any interface outside echo-reply

access-list Internet_IN extended permit icmp any interface outside

pager lines 24

logging enable

logging timestamp

logging buffered informational

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool vpnpool mask

icmp unreachable rate-limit 1 burst-size 1

icmp permit any inside

icmp permit any echo-reply inside

icmp permit any echo-reply outside

icmp permit any outside

no asdm history enable

arp timeout 14400

nat (inside,outside) source dynamic AnyConnect-INET interface


object network INSIDE-HOSTS

nat (inside,outside) dynamic interface

object network AnyConnect-INET

nat (outside,outside) dynamic interface

access-group Internet_IN in interface outside


router eigrp 100




route inside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh inside

ssh timeout 5

console timeout 0

dhcpd auto_config outside


dhcpd address inside

dhcpd dns interface inside

dhcpd enable inside


threat-detection basic-threat

threat-detection scanning-threat shun

threat-detection statistics

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200


enable outside

anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

anyconnect enable

tunnel-group-list enable

group-policy "Client Group" internal

group-policy "Client Group" attributes

wins-server none

dns-server value

vpn-tunnel-protocol ikev2 ssl-client ssl-clientless

split-tunnel-policy tunnelall

default-domain value


  anyconnect ssl rekey time none

  anyconnect ssl rekey method ssl

  anyconnect ask none default anyconnect

username admin password xxxxxxxxx encrypted privilege 15

tunnel-group TunnelGroup1 type remote-access

tunnel-group TunnelGroup1 general-attributes

address-pool vpnpool

default-group-policy "Client Group"

tunnel-group TunnelGroup1 webvpn-attributes

group-alias ssl_group_users enable


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

hpm topN enable


: end

CreatePlease to create content