https://community.cisco.com/t5/network-security/acl/m-p/1335549#M819331 <HTML><HEAD></HEAD><BODY><P>So you are trying to connect from 192.168.0.1 to any address on port 5017 ?</P><P></P><P>What is port 5017 ie. what application ?</P><P></P><P>Could you post the ASA config ?</P><P></P><P>Jon</P></BODY></HTML> Wed, 19 Aug 2009 18:01:14 GMT Jon Marshall 2009-08-19T18:01:14Z https://community.cisco.com/t5/network-security/acl/m-p/1335548#M819329 <P>Dear Sir,</P><P>The following acl is applied to the asa inside interface.</P><P>access-list 100 permit tcp host 192.168.0.1 any eq 5017</P><P>access-list 100 deny ip any any</P><P>access-group 100 in interface inside.</P><P>Netstat in windows command prompt shows that the connection on that port is initiated through the firewall but the return traffic is being blocked,</P><P>I learnt that tcp traffic obey to stateful inspection means that return traffic are always allowed for tcp.</P><P>Why is the return traffic being blocked?What can i do ?</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 16:07:50 GMT https://community.cisco.com/t5/network-security/acl/m-p/1335548#M819329 kolawole1 2019-03-11T16:07:50Z https://community.cisco.com/t5/network-security/acl/m-p/1335549#M819331 <HTML><HEAD></HEAD><BODY><P>So you are trying to connect from 192.168.0.1 to any address on port 5017 ?</P><P></P><P>What is port 5017 ie. what application ?</P><P></P><P>Could you post the ASA config ?</P><P></P><P>Jon</P></BODY></HTML> Wed, 19 Aug 2009 18:01:14 GMT https://community.cisco.com/t5/network-security/acl/m-p/1335549#M819331 Jon Marshall 2009-08-19T18:01:14Z https://community.cisco.com/t5/network-security/acl/m-p/1335550#M819334 <HTML><HEAD></HEAD><BODY><P>The application is netstream it connects to some satellites and collects information.</P><P></P><P>Thank you.</P></BODY></HTML> Thu, 20 Aug 2009 07:34:46 GMT https://community.cisco.com/t5/network-security/acl/m-p/1335550#M819334 kolawole1 2009-08-20T07:34:46Z