Port access to inside

Thomas Summers
Beginner

I am trying to allow access to my inside users on port 5222 for a new phone system application on an ASA5505. All of my inside users are using DHCP from a Domain Controller. If I connect to another network that does not have an ASA 5505 in place I am able to open the application that uses port 5222, but from the network behind the ASA I am not able to.

10 Replies

stevechege
Beginner

Hello,

What kind of application is it?

It could be an ACL on the inside interface. Maybe the "inside" subnet is not allowed or is blocked by the firewall.

Do you have an ACL on the inside interface?

Things that we need to help you out and understand your problem:

source IP

destination IP

application

ASA configuration

How does the application work????

Value our effort and rate the assistance!

The Source IP is 74.43.254.162

The Destination IP will be 10.10.10.0/24  Internal subnet

This application allows the users to see how many calls are in the queue, if they have voice mail, who is in or away

ASA configuration:

!
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 216.255.166.36 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
!
time-range Close_Portol
!
boot system disk0:/asa804-28-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name tvcconnect.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network FTPHosts
description Those that are allowed to use FTP
network-object 216.255.166.7 255.255.255.255
network-object 63.161.147.154 255.255.255.255
network-object 63.161.147.10 255.255.255.255
network-object host 216.255.162.47
network-object host 64.161.190.116
network-object host 208.85.128.5
network-object host 208.85.128.2
network-object host 75.13.65.241
network-object host 10.10.10.151
network-object host 10.10.10.8
object-group network PeakViewSolutions
network-object host 10.10.10.21
object-group network TVCBlackBerryIPs

*

*

*object-group network TVCDroidsIPs

*

*

*

object-group network TVC_GLDS_External_Hosts
*

*

*
object-group network BLUE_MOON
*

access-list 100 extended permit ip 10.10.10.0 255.255.255.0 172.16.205.0 255.255.255.0
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 host 172.16.205.15
access-list nonat extended permit ip any 192.168.250.0 255.255.255.0
access-list nonat extended permit ip any 10.7.7.0 255.255.255.248
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.10
access-list nonat extended permit ip 172.16.208.0 255.255.255.0 host 172.16.205.20
access-list nonat extended permit ip host 10.10.10.101 172.16.205.0 255.255.255.0
access-list TVC_In extended permit tcp object-group FTPHosts host 216.255.166.41 eq ftp
access-list TVC_In extended permit ip 74.62.190.0 255.255.255.0 host 216.255.166.40
access-list TVC_In extended permit icmp host 216.255.162.36 host 216.255.166.37
access-list TVC_In extended permit ip host 216.255.162.37 host 216.255.166.37
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15802
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit udp host 216.255.162.36 host 216.255.166.37 eq 15803
access-list TVC_In extended permit tcp host 216.255.162.36 host 216.255.166.40 eq 15802
access-list TVC_In e