topic Hi Jmoritz,You should add a in Network Security

TCP access denied by ACL

jmoritz99 — Tue, 12 Mar 2019 05:00:55 GMT

I have a security camera server with a web interface that formerly used a port forward in the service provider's modem/router to allow access to this interface from the internet. A 5505 ASA was installed after the modem to create a VPN to allow remote support. The VPN is configured and operational, but the web interface is no longer accessible. This site also has only one public IP address, and the server is on the only subnet that is configured.

The port forward was removed from the ISP modem/router, and I have configured port forwarding to the server on port 80. I also have configured an ACL to allow access from the outside to port 80. However, when attempting to access the server the logging shows:

TCP access denied by ACL from X.X.X.X/51945 to outside:X.X.X.X/80

I have attached my config file, please take a look and see what is causing this issue.

Thanks,

Jason

Hi Jmoritz,You should add a

Aref Alsouqi — Thu, 30 Oct 2014 21:37:52 GMT

Hi Jmoritz,

You should add a nat statement for the object network milestone:

object network milestone
nat (inside,outside) static interface service tcp 80 80

By doing so host 10.1.33.238 would be natted to the outside interfce, so any connection on port 80 on the outside interface would be forwarded to it on port 80.

Regards,

Aref

Aref,I entered the commands

jmoritz99 — Fri, 31 Oct 2014 13:02:47 GMT

Aref,

I entered the commands as you suggested, but still getting the same results. Is there anything else that I can do?

Try to clear the xlate table

Aref Alsouqi — Fri, 31 Oct 2014 16:00:25 GMT

Try to clear the xlate table and local host table with these commands and try again, and please remember that the ip address of the server on the access list has to be the real "private" ip address:

clear xlate

clear local-host

Regards,

Aref