11-19-2013 11:52 AM - edited 03-11-2019 08:07 PM
I am trying to allow access to my inside users on port 5222 for a new phone system application on an ASA5505. All of my inside users are using DHCP from a Domain Controller. If I connect to another network that does not have an ASA 5505 in place I am able to open the application that uses port 5222, but from the network behind the ASA I am not able to.
11-19-2013 12:29 PM
Hello,
What kind of application is it?
It could be an ACL on the inside interface. Maybe the "inside" subnet is not allowed or is blocked by the firewall.
Do you have an ACL on the inside interface?
11-19-2013 12:41 PM
Things that we need to help you out and understand your problem:
source IP
destination IP
application
ASA configuration
How does the application work????
11-20-2013 03:59 AM
The Source IP is 74.43.254.162
The Destination IP will be 10.10.10.0/24 Internal subnet
This application allows the users to see how many calls are in the queue, if they have voice mail, and who is in or away.
ASA configuration:
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 216.255.166.36 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
!
time-range Close_Portol
!
boot system disk0:/asa804-28-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name tvcconnect.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network FTPHosts
 description Those that are allowed to use FTP
 network-object 216.255.166.7 255.255.255.255
 network-object 63.161.147.154 255.255.255.255
 network-object 63.161.147.10 255.255.255.255
 network-object host 216.255.162.47
 network-object host 64.161.190.116
 network-object host 208.85.128.5
 network-object host 208.85.128.2
 network-object host 75.13.65.241
 network-object host 10.10.10.151
 network-object host 10.10.10.8
object-group network PeakViewSolutions
 network-object host 10.10.10.21
object-group network TVCBlackBerryIPs
*
*
*
object-group network TVCDroidsIPs
*
*
*
object-group network TVC_GLDS_External_Hosts
*
*
*
object-group network BLUE_MOON
*
access-list 100 extended permit ip 10.10.10.0 255.255.255.0 172.16.205.0 255.255.255.0
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 host 172.16.205.15
access-list nonat extended permit ip any 192.168.250.0 255.255.255.0
access-list nonat extended permit ip any 10.7.7.0 255.255.255.248
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.10
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.20
access-list nonat extended permit ip host 10.10.10.101 172.16.205.0 255.255.255.0
access-list TVC_In extended permit tcp object-group FTPHosts host 216.255.166.41 eq ftp
access-list TVC_In extended permit ip 74.62.190.0 255.255.255.0 host 216.255.166.40
access-list TVC_In extended permit icmp host 216.255.162.36 host 216.255.166.37
access-list TVC_In extended permit ip host 216.255.162.37 host 216.255.166.37
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.40 eq 15802
access-list TVC_In e