https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727043#M1003916 <HTML><HEAD></HEAD><BODY><P>"There is an Access-list for tcp traffic. The Hit counter for that is 0. That mean traffic can reach outside interface but cannot access inside interface,,,,"</P><P></P><P>Remember that outside is less secure then inside therefore you need an access list TO ALLOW outside traffic to inside.</P><P></P><P>You need to have an access list like this</P><P>access-list OUTSIDE_TO_INSIDE extended permit tcp any any </P><P></P><P>then apply it to outside!</P><P></P><P>access-group OUTSIDE_TO_INSIDE in interface outside</P><P></P><P></P><P>Then you should have hits on the counters otherwise the access list isnt working </P><P></P></BODY></HTML> Wed, 06 Jun 2007 21:16:01 GMT Rodrigo Gurriti 2007-06-06T21:16:01Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727041#M1003914 <P>|May 31 2007 18:59:20|106001: Inbound TCP connection denied from 10.0.0.0/1891 to 192.168.0.0/23 flags SYN on interface Outside</P><P></P><P></P><P>I am receiving this error for both tcp and icmp traffics. I can ping from 10.0.0.0 network to the outside interface, but I cannot ping/telnet the 192.168.0.0 network. There is an Access-list for tcp traffic. The Hit counter for that is 0. That mean traffic can reach outside interface but cannot access inside interface,,,,</P><P></P><P>Any clues? </P><P></P><P>Thanks </P> Mon, 11 Mar 2019 10:23:35 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727041#M1003914 arafat009 2019-03-11T10:23:35Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727042#M1003915 <HTML><HEAD></HEAD><BODY><P>This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible TCP_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The TCP_flags in this packet are FIN and ACK. </P><P></P><P>The TCP_flags are as follows: </P><P></P><P>?ACK?The acknowledgment number was received. </P><P></P><P>?FIN?Data was sent. </P><P></P><P>?PSH?The receiver passed data to the application. </P><P></P><P>?RST?The connection was reset. </P><P></P><P>?SYN?Sequence numbers were synchronized to start a connection. </P><P></P><P>?URG?The urgent pointer was declared valid. </P><P></P><P>Try this link:</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm#wp1022675" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm#wp1022675</A></P><P></P><P></P></BODY></HTML> Wed, 06 Jun 2007 19:33:07 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727042#M1003915 thomas.chen 2007-06-06T19:33:07Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727043#M1003916 <HTML><HEAD></HEAD><BODY><P>"There is an Access-list for tcp traffic. The Hit counter for that is 0. That mean traffic can reach outside interface but cannot access inside interface,,,,"</P><P></P><P>Remember that outside is less secure then inside therefore you need an access list TO ALLOW outside traffic to inside.</P><P></P><P>You need to have an access list like this</P><P>access-list OUTSIDE_TO_INSIDE extended permit tcp any any </P><P></P><P>then apply it to outside!</P><P></P><P>access-group OUTSIDE_TO_INSIDE in interface outside</P><P></P><P></P><P>Then you should have hits on the counters otherwise the access list isnt working </P><P></P></BODY></HTML> Wed, 06 Jun 2007 21:16:01 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/727043#M1003916 Rodrigo Gurriti 2007-06-06T21:16:01Z