handsy
Beginner

ACL deny but permit rule exists!

I'm trying to get my VMware vCenter server to add a host on another network. I have applied a rule on my ASA with all the known TCP/UDP ports that vCenter uses.

vCenter lets me add the host but it disconnects almost immediately, and at that moment I see an ACL deny on my firewall as follows:

access-list outside-in denied tcp outside/10.72.210.118(5989) -> inside/10.167.253.21(60656)

..yet, I have the following rule on my ASA:

access-list outside-in line 59 extended permit tcp 10.72.210.0 255.255.255.0 host 10.167.253.21 eq 5989

This makes absolutely no sense to me and I'm stumped :(

2 REPLIES
Sam Jones
Beginner

Handsy,

These are the ports we allow through to add and manage a VMware host on a different network.

{VCenter IP} -> {VMware Host IP} {tcp/902, tcp/5989, tcp/443, tcp/27010, tcp/27000}
{VMware Host IP} -> {VCenter IP} {tcp/udp 902, tcp/udp 514, tcp 9084}

Jon Marshall
VIP Community Legend

Your ACL line needs rewriting, i.e.:

access-list outside-in permit tcp 10.72.210.0 255.255.255.0 eq 5989 host 10.167.253.21

Jon
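The reason the original line never matches is that in an ASA extended ACE the `eq <port>` operator applies to the address immediately before it, so `host 10.167.253.21 eq 5989` tests the destination port, while the denied flow carries 5989 as its source port and an ephemeral destination port (60656). The following Python is an added example written for this page, not code from the thread or from Cisco: it models just the subset of ACE syntax quoted above (protocol, `host`/network-mask/`any` addresses, optional `eq` after source and after destination), parses the deny message, and evaluates both ACEs from the thread against that flow. The `Flow` class, `parse_ace`, `ace_matches` and `explain` are names constructed for this example.

```python
"""Evaluate ASA-style extended ACEs against the flow in a deny message.

Constructed example: a minimal model of the ACE syntax seen in the thread.
It is not ASA code and ignores features the thread does not use (ranges,
object-groups, ICMP types, inactive/time-range keywords).
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Shape of the deny message quoted in the question:
#   access-list NAME denied PROTO ifc/SRC(SPORT) -> ifc/DST(DPORT)
DENY_RE = re.compile(
    r"access-list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"\S+/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"\S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)


def parse_deny(line: str) -> Flow:
    """Turn the ASA deny message into a Flow (source/destination/ports)."""
    m = DENY_RE.search(line)
    if not m:
        raise ValueError(f"not an ASA deny message: {line!r}")
    return Flow(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def _take_address(tokens: list) -> ipaddress.IPv4Network:
    """Consume `any`, `host A.B.C.D`, or `A.B.C.D MASK` and return a network."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)  # ASA ACLs use a dotted subnet mask, which ipaddress accepts
    return ipaddress.ip_network(f"{t}/{mask}", strict=False)


def _take_port(tokens: list):
    """Consume an optional `eq <port>` that follows the address just read; None = any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_ace(text: str) -> dict:
    """Parse `access-list NAME [line N] [extended] permit|deny PROTO SRC [eq P] DST [eq P]`."""
    tokens = text.split()
    if tokens[0] != "access-list":
        raise ValueError("expected an access-list line")
    tokens = tokens[2:]                 # drop "access-list NAME"
    if tokens[0] == "line":
        tokens = tokens[2:]             # drop "line N" (shown in `show access-list` output)
    if tokens[0] == "extended":
        tokens = tokens[1:]
    action, proto = tokens[0], tokens[1]
    tokens = tokens[2:]
    src = _take_address(tokens)
    sport = _take_port(tokens)          # `eq` here binds to the SOURCE address
    dst = _take_address(tokens)
    dport = _take_port(tokens)          # `eq` here binds to the DESTINATION address
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


def ace_matches(ace: dict, flow: Flow) -> bool:
    """True when protocol, both addresses and both (optional) port tests agree."""
    return (
        ace["proto"] == flow.proto
        and ipaddress.ip_address(flow.src_ip) in ace["src"]
        and ipaddress.ip_address(flow.dst_ip) in ace["dst"]
        and (ace["sport"] is None or ace["sport"] == flow.src_port)
        and (ace["dport"] is None or ace["dport"] == flow.dst_port)
    )


# The three lines quoted in the thread.
DENY_LINE = ("access-list outside-in denied tcp "
             "outside/10.72.210.118(5989) -> inside/10.167.253.21(60656)")
ORIGINAL_ACE = ("access-list outside-in line 59 extended permit tcp "
                "10.72.210.0 255.255.255.0 host 10.167.253.21 eq 5989")
REWRITTEN_ACE = ("access-list outside-in permit tcp "
                 "10.72.210.0 255.255.255.0 eq 5989 host 10.167.253.21")


def explain(deny_line: str = DENY_LINE, original: str = ORIGINAL_ACE,
            rewritten: str = REWRITTEN_ACE) -> dict:
    """Report whether each ACE would have matched the denied flow."""
    flow = parse_deny(deny_line)
    return {
        "original_matches": ace_matches(parse_ace(original), flow),
        "rewritten_matches": ace_matches(parse_ace(rewritten), flow),
    }


if __name__ == "__main__":
    for name, matched in explain().items():
        print(f"{name}: {matched}")
```

Running it reports that the original ACE does not match (it requires destination port 5989, the flow's destination port is 60656) while the rewritten ACE does (source port 5989, any destination port). One caveat a reviewer would note: a permit keyed on the source port matches any host in 10.72.210.0/24 that chooses 5989 as its source port, regardless of what destination port it targets, so it is worth confirming that this is the direction and service actually intended before treating it as the final rule.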