ACL

I keep getting this message in my syslog

09-01-2006 08:50:26 Local4.Critical 10.4.0.2 Sep 01 2006 08:50:26: %PIX-2-106001: Inbound TCP connection denied from 192.168.32.101/3380 to 10.6.6.15/5054 flags SYN on interface DMZ

The 192.168.32.101 address is a host on a dmz interface that is trying to contact an Integrity server on the inside interface. I've added a static NAT translation for the Integrity server

static (inside,DMZ) 10.6.6.15 10.6.6.15 netmask 255.255.255.255

and my acl that is applied to the DMZ interface has the following entry

access-list dmz_access_in line 29 extended permit tcp 192.168.32.96 255.255.255.224 host 10.6.6.15 eq 5054

This configuration used to work, but recently I added a 2nd DMZ interface, and since then this message started appearing. The log doesn't say it's being blocked by my access-list, but rather it looks like the security policy is blocking it automatically. My inside security level is 100, DMZ (where the wireless clients used to be when it worked) is 75 and DMZ2 (the wireless DMZ now) is 50. Can anyone see what I'm missing?

thank you,

Bill

I have an ac

1 ACCEPTED SOLUTION

Re: ACL

Hi,

Do you definitely have the ACL applied to the correct interface? Can you post a config?

Andrew.


Re: ACL

That was it, I didn't have the ACL applied to the DMZ interface at all. Thank you!

Bill
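
An added example, not part of the original thread: a small Python check that takes a %PIX-2-106001 line and a saved configuration and reports whether the interface named in the log has an ACL bound to it with `access-group`, which is the problem found above. The sample config is constructed from the two lines quoted in the post, and the function names are hypothetical.

```python
import re

# Log line from the post; config constructed from the two lines quoted there.
# As in the thread, it has no access-group line.
SAMPLE_LOG = ("Sep 01 2006 08:50:26: %PIX-2-106001: Inbound TCP connection denied "
              "from 192.168.32.101/3380 to 10.6.6.15/5054 flags SYN on interface DMZ")
SAMPLE_CONFIG = """\
static (inside,DMZ) 10.6.6.15 10.6.6.15 netmask 255.255.255.255
access-list dmz_access_in line 29 extended permit tcp 192.168.32.96 255.255.255.224 host 10.6.6.15 eq 5054
"""
# Same config with the ACL bound inbound on the DMZ interface.
FIXED_CONFIG = SAMPLE_CONFIG + "access-group dmz_access_in in interface DMZ\n"

LOG_106001 = re.compile(
    r"%PIX-2-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<ifname>\S+)")
ACL_DEF = re.compile(r"^access-list\s+(\S+)\s", re.M)
ACL_BIND = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", re.M)

def parse_106001(line):
    """Return the fields of a 106001 message, or None for any other line."""
    m = LOG_106001.search(line)
    return m.groupdict() if m else None

def inbound_bindings(config):
    """Map interface name -> ACL applied inbound with access-group."""
    return {m.group(3): m.group(1)
            for m in ACL_BIND.finditer(config) if m.group(2) == "in"}

def unbound_acls(config):
    """ACLs that are defined but never referenced by any access-group line."""
    defined = set(ACL_DEF.findall(config))
    bound = {m.group(1) for m in ACL_BIND.finditer(config)}
    return sorted(defined - bound)

def diagnose(line, config):
    """Tie a 106001 denial to the ACL binding state of its ingress interface."""
    hit = parse_106001(line)
    if hit is None:
        return None
    return {"interface": hit["ifname"],
            "bound_acl": inbound_bindings(config).get(hit["ifname"]),
            "unbound_acls": unbound_acls(config)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CONFIG))
    print(diagnose(SAMPLE_LOG, FIXED_CONFIG))
```

A `bound_acl` of `None` together with a non-empty `unbound_acls` list is the state described in the thread: the permit entry exists, but nothing applies it to the interface the traffic arrives on.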
