https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967159#M917480 <HTML><HEAD></HEAD><BODY><P>Hi .. </P><P></P><P>I think the below ACL entry is not correct</P><P></P><P>access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008 </P><P></P><P>it should allow access to the OUTSIDE INTERFACE as below</P><P></P><P>access-list outside_access_in extended permit udp any interface outside eq 5008 </P><P></P><P>Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).</P><P></P><P>The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008</P><P></P><P>I hope it helps .. please rate helpfull posts.</P><P></P><P></P></BODY></HTML> Mon, 30 Jun 2008 23:31:14 GMT Fernando_Meza 2008-06-30T23:31:14Z https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967158#M917477 <P>I hope that I am describing my issue correctly:</P><P>I am getting errors that incoming packets are dropped because of access list "outside_access_in"</P><P>But I can't for the life of me figure it out.</P><P>I am pretty sure this used to work.</P><P>For example we use netmotion and that server is on the inside @ 192.168.123.160 using port 5008 which I have PATted from the outside interface.</P><P>But when a client on the outside attempts to access it I get the 106023 error : "Deny udp src outside:65.64.221.202/1269 dst inside:xx.xx.xx.xxx/5008 by access-group "outside_access_in" [0x0, 0x0]"</P><P>My external IP is DHCP from the ISP which is what shows at the above xx.xx.xx.xxx address.</P><P></P><P>Please, any pointers would be greatly appreciated.</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 13:07:03 GMT https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967158#M917477 dirkmelvin 2019-03-11T13:07:03Z https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967159#M917480 <HTML><HEAD></HEAD><BODY><P>Hi .. </P><P></P><P>I think the below ACL entry is not correct</P><P></P><P>access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008 </P><P></P><P>it should allow access to the OUTSIDE INTERFACE as below</P><P></P><P>access-list outside_access_in extended permit udp any interface outside eq 5008 </P><P></P><P>Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).</P><P></P><P>The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008</P><P></P><P>I hope it helps .. please rate helpfull posts.</P><P></P><P></P></BODY></HTML> Mon, 30 Jun 2008 23:31:14 GMT https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967159#M917480 Fernando_Meza 2008-06-30T23:31:14Z https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967160#M917482 <HTML><HEAD></HEAD><BODY><P>I have implemented it as of now. I will let you know how it works out. Thank you for your input.</P></BODY></HTML> Tue, 01 Jul 2008 12:46:08 GMT https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967160#M917482 dirkmelvin 2008-07-01T12:46:08Z https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967161#M917484 <HTML><HEAD></HEAD><BODY><P>I have implemented it as of now. I will let you know how it works out. Thank you for your input.</P></BODY></HTML> Tue, 01 Jul 2008 12:58:19 GMT https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967161#M917484 dirkmelvin 2008-07-01T12:58:19Z https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967162#M917486 <HTML><HEAD></HEAD><BODY><P>Sorry, I practically forgot about this post.</P><P></P><P>It did indeed solve my issue. Thank you so much!</P></BODY></HTML> Wed, 30 Jul 2008 12:47:55 GMT https://community.cisco.com/t5/network-security/asa5505-giving-error-106023/m-p/967162#M917486 dirkmelvin 2008-07-30T12:47:55Z