https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090697#M133410 <P>Or inbound should look like this.&nbsp;</P> <P></P> <PRE class="prettyprint prettyprinted"><SPAN class="typ">Acl</SPAN><SPAN class="pln"> inside extended permit tcp any host 12.0.0.0</SPAN><SPAN class="pln"> eq ssh</SPAN><BR /><SPAN class="typ">Acl</SPAN><SPAN class="pln"> inside extended permit tcp any&nbsp;host 12.0.0.0</SPAN><SPAN class="pln"> eq </SPAN><SPAN class="lit">990</SPAN></PRE> Thu, 10 Aug 2017 02:30:22 GMT Jay Cambell 2017-08-10T02:30:22Z https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090694#M133407 <P>I'm getting a block and I don't understand why. &nbsp;I used the &nbsp;ASDM tool to packet trace. Tried a telnet to the 10.0.0.0 and port and it work. When I test remote it doesn't work. &nbsp;Its blocked.</P> <P></P> <P>Object network obj-10.0.0.0</P> <P>host 10.0.0.0</P> <P></P> <P></P> <P>Obj network obj-10.0.0.0</P> <P>nat (inside, outside) 12.0.0.0 service tcp ssh ssh</P> <P>Obj network obj-10.0.0.0</P> <P>nat (inside, outside) 12.0.0.0 service tcp 990 990</P> <P></P> <P>Acl inside extended permit tcp host 10.0.0.0 host 12.0.0.0 eq ssh</P> <P>Acl inside extended permit tcp host 10.0.0.0 host 12.0.0.0 eq 990</P> <P></P> <P>Acl outside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq ssh</P> <P>Acl outside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq 990</P> Tue, 12 Mar 2019 09:48:08 GMT https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090694#M133407 Jay Cambell 2019-03-12T09:48:08Z https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090695#M133408 <P>Your inbound ACL rule below seems to be wrong</P> <PRE class="prettyprint">Acl outside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq ssh<BR />Acl outside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq 990</PRE> <P>These rules should ideally be (considering ASA is version 8.3+):</P> <PRE class="prettyprint">Acl outside extended permit tcp any host 10.0.0.0 eq ssh<BR />Acl outside extended permit tcp any&nbsp;host 10.0.0.0 eq 990</PRE> <P>Your&nbsp;<SPAN>Acl inside should also change accordingly.</SPAN></P> <P></P> <P></P> Thu, 10 Aug 2017 00:55:45 GMT https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090695#M133408 Rahul Govindan 2017-08-10T00:55:45Z https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090696#M133409 <P>Are you saying the inbound should look like the below? Can you explain the difference?&nbsp;</P> <P></P> <P>Acl inside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq ssh</P> <P>Acl inside extended permit tcp host 12.0.0.0 host 10.0.0.0 eq 990</P> Thu, 10 Aug 2017 01:59:11 GMT https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090696#M133409 Jay Cambell 2017-08-10T01:59:11Z https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090697#M133410 <P>Or inbound should look like this.&nbsp;</P> <P></P> <PRE class="prettyprint prettyprinted"><SPAN class="typ">Acl</SPAN><SPAN class="pln"> inside extended permit tcp any host 12.0.0.0</SPAN><SPAN class="pln"> eq ssh</SPAN><BR /><SPAN class="typ">Acl</SPAN><SPAN class="pln"> inside extended permit tcp any&nbsp;host 12.0.0.0</SPAN><SPAN class="pln"> eq </SPAN><SPAN class="lit">990</SPAN></PRE> Thu, 10 Aug 2017 02:30:22 GMT https://community.cisco.com/t5/network-security/firewall-rule/m-p/3090697#M133410 Jay Cambell 2017-08-10T02:30:22Z