Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA5505 giving error 106023

I hope that I am describing my issue correctly:

I am getting errors that incoming packets are dropped because of access list "outside_access_in"

But I can't for the life of me figure it out.

I am pretty sure this used to work.

For example we use netmotion and that server is on the inside @ 192.168.123.160 using port 5008 which I have PATted from the outside interface.

But when a client on the outside attempts to access it I get the 106023 error : "Deny udp src outside:65.64.221.202/1269 dst inside:xx.xx.xx.xxx/5008 by access-group "outside_access_in" [0x0, 0x0]"

My external IP is DHCP from the ISP which is what shows at the above xx.xx.xx.xxx address.

Please, any pointers would be greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA5505 giving error 106023

Hi ..

I think the below ACL entry is not correct

access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008

it should allow access to the OUTSIDE INTERFACE as below

access-list outside_access_in extended permit udp any interface outside eq 5008

Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).

The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008

I hope it helps .. please rate helpfull posts.

4 REPLIES

Re: ASA5505 giving error 106023

Hi ..

I think the below ACL entry is not correct

access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008

it should allow access to the OUTSIDE INTERFACE as below

access-list outside_access_in extended permit udp any interface outside eq 5008

Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).

The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008

I hope it helps .. please rate helpfull posts.

Community Member

Re: ASA5505 giving error 106023

I have implemented it as of now. I will let you know how it works out. Thank you for your input.

Community Member

Re: ASA5505 giving error 106023

I have implemented it as of now. I will let you know how it works out. Thank you for your input.

Community Member

Re: ASA5505 giving error 106023

Sorry, I practically forgot about this post.

It did indeed solve my issue. Thank you so much!

289
Views
0
Helpful
4
Replies
CreatePlease to create content