06-30-2008 08:41 AM - edited 03-11-2019 06:07 AM
I hope that I am describing my issue correctly:
I am getting errors that incoming packets are dropped because of access list "outside_access_in"
But I can't for the life of me figure it out.
I am pretty sure this used to work.
For example we use netmotion and that server is on the inside @ 192.168.123.160 using port 5008 which I have PATted from the outside interface.
But when a client on the outside attempts to access it I get the 106023 error : "Deny udp src outside:65.64.221.202/1269 dst inside:xx.xx.xx.xxx/5008 by access-group "outside_access_in" [0x0, 0x0]"
My external IP is DHCP from the ISP which is what shows at the above xx.xx.xx.xxx address.
Please, any pointers would be greatly appreciated.
Solved! Go to Solution.
06-30-2008 04:31 PM
Hi ..
I think the below ACL entry is not correct
access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008
it should allow access to the OUTSIDE INTERFACE as below
access-list outside_access_in extended permit udp any interface outside eq 5008
Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).
The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008
I hope it helps .. please rate helpfull posts.
06-30-2008 04:31 PM
Hi ..
I think the below ACL entry is not correct
access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008
it should allow access to the OUTSIDE INTERFACE as below
access-list outside_access_in extended permit udp any interface outside eq 5008
Similar entries should be added for any device being (Port Forwarded) by the external interface of the firewall).
The client on the outside of the firewall should be pointing to External-IP-Address of the firewall at port 5008 instead of to 192.168.123.160:5008
I hope it helps .. please rate helpfull posts.
07-01-2008 05:46 AM
I have implemented it as of now. I will let you know how it works out. Thank you for your input.
07-01-2008 05:58 AM
I have implemented it as of now. I will let you know how it works out. Thank you for your input.
07-30-2008 05:47 AM
Sorry, I practically forgot about this post.
It did indeed solve my issue. Thank you so much!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide