Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA not allowing connection from Mobile device to CUMA Server

Afternoon security massive,

     Im a voice guy trying( and failing) to get my mobile devices connected to my CUMA server that sits behind my ASA. I can see the Inbound TCP connection attempt here:

6Dec 16 200913:53:0830201389.193.21.11648847192.168.100.1319080Built inbound TCP connection 486 for outside:89.193.21.116/48847 (89.193.21.116/48847) to inside:192.168.100.131/9080 (195.157.156.94/9080)

But then shortly after I recieve the following:

6Dec 16 200913:53:1830201489.193.21.11648847192.168.100.1319080Teardown TCP connection 486 for outside:89.193.21.116/48847 to inside:192.168.100.131/9080 duration 0:00:10 bytes 0 TCP Reset-O

Ive attached a copy of the config on the ASA for your perusal, any comments would be massively appreciated.

C.

1 REPLY

Re: ASA not allowing connection from Mobile device to CUMA Serve

Lets try this.

access-list CAPTUREOUT extended permit tcp any host 195.157.156.94 eq 5443

access-list CAPTUREOUT extended permit tcp any host 195.157.156.94 eq 6532

access-list CAPTUREOUT extended permit tcp any host 195.157.156.94 eq 9080

access-list CAPTUREOUT extended permit tcp host 195.157.156.94 eq 5443 any

access-list CAPTUREOUT extended permit tcp host 195.157.156.94 eq 6532 any

access-list CAPTUREOUT extended permit tcp host 195.157.156.94 eq 9080 any

access-list CAPTUREIN extended permit tcp any host 192.168.100.131 eq 5443

access-list CAPTUREIN extended permit tcp any host 192.168.100.131 eq 6532

access-list CAPTUREIN extended permit tcp any host 192.168.100.131 eq 9080

access-list CAPTUREIN extended permit tcp host 192.168.100.131 eq 5443 any

access-list CAPTUREIN extended permit tcp host 192.168.100.131 eq 6532 any

access-list CAPTUREIN extended permit tcp host 192.168.100.131 eq 9080 any

Capture CAPOUT access-list CAPTUREOUT interface outside

Capture CAPIN access-list CAPTUREIN interface inside

Clear asp drop

Try a couple of times to get the packets from the CUMA and then send us the show asp drop and the show cap CAPOUT and CAPIN.

412
Views
0
Helpful
1
Replies