Port access to inside

Thomas Summers · ‎11-19-2013

I am trying to allow access to my inside users on port 5222 for a new phone system application on a ASA5505. All of my inside users are using DHCP from a Domain Controller. If I connect to another network that does not have a ASA 5505 in place I am able to open the application that uses port 5222, but from the network behind the ASA I am not able to.

stevechege · ‎11-19-2013

Hello,

What kind of application is it?

It could be an ACL on the inside interface. Maybe the "inside" subnet is not allowed or is blocked by the firewall .

Do you have a ACL on the inside interface?

jumora · ‎11-19-2013

Things taht we need to help you out and understand your problem:

source IP

destination IP

application

ASA configuration

How does the application work????

Value our effort and rate the assistance!

Thomas Summers · ‎11-20-2013

The Source IP is 74.43.254.162

The Destination IP will be 10.10.10.0/24 Internal subnet

This applications allows the users to see how many calls are the in queue, if they have voice mail, who is in or away

ASA configuration;

!
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 216.255.166.36 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
!
time-range Close_Portol
!
boot system disk0:/asa804-28-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name tvcconnect.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network FTPHosts
description Those that are allowed to use FTP
network-object 216.255.166.7 255.255.255.255
network-object 63.161.147.154 255.255.255.255
network-object 63.161.147.10 255.255.255.255
network-object host 216.255.162.47
network-object host 64.161.190.116
network-object host 208.85.128.5
network-object host 208.85.128.2
network-object host 75.13.65.241
network-object host 10.10.10.151
network-object host 10.10.10.8
object-group network PeakViewSolutions
network-object host 10.10.10.21
object-group network TVCBlackBerryIPs

*

*object-group network TVCDroidsIPs

*

object-group network TVC_GLDS_External_Hosts
*

*

*
object-group network BLUE_MOON
*

access-list 100 extended permit ip 10.10.10.0 255.255.255.0 172.16.205.0 255.255.255.0
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 host 172.16.205.15
access-list nonat extended permit ip any 192.168.250.0 255.255.255.0
access-list nonat extended permit ip any 10.7.7.0 255.255.255.248
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.10
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.20
access-list nonat extended permit ip host 10.10.10.101 172.16.205.0 255.255.255.0
access-list TVC_In extended permit tcp object-group FTPHosts host 216.255.166.41 eq ftp
access-list TVC_In extended permit ip 74.62.190.0 255.255.255.0 host 216.255.166.40
access-list TVC_In extended permit icmp host 216.255.162.36 host 216.255.166.37
access-list TVC_In extended permit ip host 216.255.162.37 host 216.255.166.37
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.40 eq 15802
access-list TVC_In e