Need to allow inbound connection over TCP 9000
08-19-2007 10:24 PM - edited 03-11-2019 03:59 AM
I am trying to configure an ASA5510 (v7.12) to allow an inbound connection over TCP port 9000. I have a web server on the inside that is listening on port 9000 (http://192.168.1.1:9000).
I have set up a static NAT:
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
and the access rule:
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
Clients on the inside can reach the web server, but those outside the firewall are getting an unable to connect error.
What am I missing? This should be really straightforward.
08-19-2007 11:45 PM
Have you grouped the ACL in the outside interface? Have you placed the route?
08-20-2007 02:44 AM
Hi,
Check what sureshkum has stated. Also try this:
access-list outside_in extended permit tcp any host 192.168.1.1 eq 9000
The best thing is to check the logs to get a clear picture of your problem.
The logs will tell you if the problem is related to NAT or the access list.
HTH
rgds

08-20-2007 04:28 AM
Hi,
Have you implemented the same access-list on the OUTSIDE interface?
NAT seems to be configured fine.
Ex:
access-group OUTSIDE_IN in interface outside
Regards,
Dharmesh Purohit
08-20-2007 11:07 AM
Check if you used the correct name in the ACL.
Example
Your acl:
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
Default acl name when you use the ASDM:
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 9000
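The replies above ask for three things to line up on the ASA: the static NAT, an ACL entry permitting the mapped address, and an access-group binding that names that same ACL. The following is an added example, not from the thread, that cross-checks those lines in a saved configuration; the function name, the sample access-group line, and the exact-string comparison of ACL names are assumptions of this example, and it parses only the line forms shown in this thread.

```python
import re

# Constructed sample: the two lines from the question plus a binding that uses
# the ASDM default name instead of the ACL that was actually written.
SAMPLE_CONFIG = """\
static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 1.2.3.4 eq 9000
access-group outside_access_in in interface outside
"""

STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask \S+$")
ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\d+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def check_inbound(config, mapped_ip, port, iface="outside"):
    """Return a list of findings; an empty list means the three pieces line up."""
    statics, acls, groups = [], [], {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append({"mapped_if": m[2], "mapped": m[3], "real": m[4]})
        elif m := ACL_RE.match(line):
            acls.append({"name": m[1], "dst": m[2], "port": int(m[3])})
        elif m := GROUP_RE.match(line):
            groups[m[2]] = m[1]  # interface -> ACL name applied inbound

    findings = []
    # 1. A static translation must publish the mapped address on this interface.
    if not any(s["mapped_if"] == iface and s["mapped"] == mapped_ip for s in statics):
        findings.append(f"no static NAT maps {mapped_ip} on {iface}")
    # 2. Some ACL must permit the port to the mapped address.
    permit_names = {a["name"] for a in acls if a["dst"] == mapped_ip and a["port"] == port}
    if not permit_names:
        findings.append(f"no ACL permits tcp/{port} to {mapped_ip}")
    # 3. The ACL holding that permit must be the one bound to the interface.
    bound = groups.get(iface)
    if bound is None:
        findings.append(f"no access-group bound inbound on {iface}")
    elif permit_names and bound not in permit_names:
        names = ", ".join(sorted(permit_names))
        findings.append(f"{iface} is bound to {bound}, but the permit is in {names}")
    return findings


if __name__ == "__main__":
    for finding in check_inbound(SAMPLE_CONFIG, "1.2.3.4", 9000):
        print(finding)
```

An empty result only says the configuration lines agree with each other; it says nothing about routing between the firewall and the server.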
08-20-2007 11:11 AM
I figured this out. It was an internal routing issue. Thanks for your help.
