access list rule not working - Page 2

Dragomir · ‎07-22-2013

I have an extended access-list rule that is #1 in poistion on the external access list

access-list acl-outside line 1 extended permit tcp host x.x.x.x host a.b.c.d eq 5723

access-list acl-outside line 2 extended permit tcp host x.x.x.y host a.b.c.e eq 5723

but when i telnet from x.x.x.x to a.b.c.d to 5723

it does not listen or respond.

internally i verified that the ports is listening on the host.

The ip of the internal ip is natted to the external ip a.b.c.d

any idea?

Dragomir · ‎07-22-2013

yes I am logged into the adsm. all icmp traffic i can see being logged. but telnetting to port 5723 is not. I actually aleady see an access list ule allow all traffic from the source ip subnet to this ip.

I was able to telnet to port 80 and it worked. but not 5723. any ideas?

but even telnetting to port 80 shows no logging traffic

Dragomir · ‎07-22-2013

when i telnet to port 443 of th public ip, I get something like

Teardown TCP connection 319711461 for outside: 1.1.1.1/49632 to inside 2.2.2.2/443 duration 0:00:00 bytes 0 TCP Reset-I

but whne i telnet to port 80 or 5723, nothing happens and no logging occurs

Jouni Forss · ‎07-23-2013

Hi,

Well without seeing any actual configurations it would seem that your connections simply arent reaching the ASA if its not logging anything.

The above log message indicates that the connection was immediately reset by the internal host/server. So it refused the connection by sending TCP Reset.

- Jouni