Open ports between 2 internal servers ASA 5512-X

Boutwell Owens
Level 1

I have a server at 192.168.1.4 and another at 192.168.1.5 that share a spam filter which is supposed to synchronize on ports 9095 and 9096. I also only have access to the ASDM program; on all attempts to telnet into the console, it doesn't allow me to log in with any username/password I have, including the one that lets me get into the ASDM.

I've gone into the Access control list, clicked Add Access Rule, set the

Source to be 192.168.1.4, 192.168.1.5
Destination to be 192.168.1.4, 192.168.1.5
Service to be tcp/9095, tcp/9096

Then clicked Okay and apply.

I got into my server at 192.168.1.4 and typed Telnet 192.168.1.5 9095 and it says

Could not open connection to the host, on port 9095: Connect failed

The firewalls on the servers are off.  According to the makers of the spam software who I called, the spam software shouldn't be responding with that if the ports were open.  How do I do it using ASDM?  Thanks

1 Accepted Solution

Luke Oxley
Level 1
BoutwellO,

Thanks for your post. Are the two servers (192.168.1.4 and 192.168.1.5) both on the same subnet? If so, the firewall will never touch this traffic as it is layer 2 communication over the LAN. The rule you have added in on the firewall will not be affecting anything.
It sounds to me like there is something else in between the two hosts that is blocking the traffic, or more than likely the server(s) are not configured correctly. Are you sure the telnet service is using port 9095 and the server is listening on that port?
Sorry we cannot be of more assistance.

Regards,
Luke
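
The two checks from the answer above (is the firewall on the path at all, and is anything listening on the port), as an added example that is not part of the original thread. The /24 prefix length is an assumption, since the thread does not give the mask, and the function names and verdict strings are hypothetical.

```python
import ipaddress
import socket

def same_subnet(src, dst, prefix_len):
    """True if dst lies in src's subnet: src ARPs for dst directly and the
    frames are switched at layer 2, never reaching the gateway/firewall."""
    net = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    return ipaddress.ip_address(dst) in net

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt made from the machine running this."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"      # RST came back: host reachable, nothing bound to the port
    except (socket.timeout, TimeoutError):
        return "filtered"     # silence: packets dropped on the path or on the host
    except OSError:
        return "unreachable"  # no route, or the host did not answer at all

def verdict(src, dst, prefix_len, state):
    """Combine the two facts into where to look next."""
    if state == "open":
        return "ok"
    if state == "refused":
        return "check-listener"        # fix the service binding, not any ACL
    if same_subnet(src, dst, prefix_len):
        return "check-host-or-switch"  # a firewall ACL cannot be the cause
    return "check-firewall-acl"

if __name__ == "__main__":
    # Addresses and ports are from the post; the /24 mask is an assumption.
    src, dst, prefix = "192.168.1.4", "192.168.1.5", 24
    print("firewall on path:", not same_subnet(src, dst, prefix))
    for port in (9095, 9096):
        state = probe_tcp(dst, port)   # run this on the src server
        print(port, state, verdict(src, dst, prefix, state))
```

Run it on the source server; a "refused" result means the destination answered and the next check is on that server itself, for example `netstat -an` to see whether anything is bound to the port.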



Boutwell Owens
Level 1

Thanks, they are on the same subnet (they're 2 email servers configured in a DAG). Now I know the firewall doesn't affect internal traffic. I'll call the spam software company back to see if they know what the issue could be; it sounds like it's their program, as the servers are even plugged into the same switch.
