Community Member

TCP access denied by ACL

I have a security camera server with a web interface that formerly used a port forward in the service provider's modem/router to allow access to this interface from the internet. A 5505 ASA was installed after the modem to create a VPN to allow remote support. The VPN is configured and operational, but the web interface is no longer accessible. This site also has only one public IP address, and the server is on the only subnet that is configured.

The port forward was removed from the ISP modem/router, and I have configured port forwarding to the server on port 80. I also have configured an ACL to allow access from the outside to port 80. However, when attempting to access the server the logging shows:

TCP access denied by ACL from X.X.X.X/51945 to outside:X.X.X.X/80

I have attached my config file; please take a look and see what is causing this issue.





Hi Jmoritz,

You should add a nat statement for the object network milestone:

object network milestone
  nat (inside,outside) static interface service tcp 80 80

By doing so, the host would be natted to the outside interface, so any connection on port 80 on the outside interface would be forwarded to it on port 80.



Community Member

Aref,

I entered the commands as you suggested, but still getting the same results. Is there anything else that I can do?

Try to clear the xlate table and local host table with these commands and try again, and please remember that the IP address of the server on the access list has to be the real "private" IP address:

clear xlate

clear local-host
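
The requirement in the last reply, that the access list must name the server's real private address rather than the translated one, can be checked mechanically. The following is an added example, not part of the thread or the attached config: a Python check over a constructed ASA config, where the addresses, the ACL name `outside_in` and the function names are assumptions.

```python
import re

# Constructed sample: the object name and nat line follow the thread; the
# addresses and the ACL name are placeholders, not from the attached config.
SAMPLE_CONFIG = """\
object network milestone
 host 192.168.1.10
object network milestone
 nat (inside,outside) static interface service tcp 80 80
access-list outside_in extended permit tcp any host 203.0.113.5 eq 80
access-list outside_in extended permit tcp any host 192.168.1.10 eq www
access-list outside_in extended permit tcp any object milestone eq 80
"""

PORT_NAMES = {"www": "80", "https": "443"}  # names the ASA prints for ports
NAT_RE = re.compile(r"\s+nat \(.+\) static .*service tcp (\S+) \S+")
ACL_RE = re.compile(r"access-list \S+ extended permit tcp .+? "
                    r"(?:host (\S+)|object (\S+)) eq (\S+)$")

def static_nat_objects(config):
    """Return {object name: (real IP, real port)} for static object-NAT rules."""
    real_ip, real_port, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            current = m.group(1)
        elif not line.startswith(" "):
            current = None          # left the object sub-mode
        elif current and (m := re.match(r"\s+host (\S+)", line)):
            real_ip[current] = m.group(1)
        elif current and (m := NAT_RE.match(line)):
            # "service tcp <real_port> <mapped_port>": the first port is the real one
            real_port[current] = PORT_NAMES.get(m.group(1), m.group(1))
    return {n: (real_ip[n], real_port[n]) for n in real_port if n in real_ip}

def mismatched_acl_lines(config):
    """Permits on a forwarded port whose destination is not the real host."""
    objects, findings = static_nat_objects(config), []
    for line in config.splitlines():
        if not (m := ACL_RE.match(line)):
            continue
        ip, obj = m.group(1), m.group(2)
        port = PORT_NAMES.get(m.group(3), m.group(3))
        for name, (rip, rport) in objects.items():
            # Accept either the real IP or a reference to the object itself.
            if port == rport and ip != rip and obj != name:
                findings.append(line)
    return findings

if __name__ == "__main__":
    for line in mismatched_acl_lines(SAMPLE_CONFIG):
        print("destination is not the real (pre-NAT) address:", line)
```

Only the first ACL entry in the sample is reported, because it permits traffic to the translated address instead of the server's real one.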



