High range ports and ASA inspection?
Posted on 2010-11-10
We have an ASA5505 with inside, dmz and outside interfaces. I cannot get outside connections to come in.
We normally allow outside traffic into the dmz like this (IP addresses have been changed):
access-list outside-in extended permit tcp any host 220.127.116.11 eq 80
access-list outside-in extended permit tcp any host 18.104.22.168 range 60000 64999
static (dmz,outside) 22.214.171.124 10.10.10.12 netmask 255.255.255.255
All DMZ hosts have full access to anything (except the internal network).
The issue we are having is that no traffic is hitting 10.10.10.12 from the outside. I even did a permit ip any host 126.96.36.199 and still nothing. If we access 188.8.131.52 from 184.108.40.206 (one of our own public IPs), it works. But no other outside users can access it.