BluJ

asked on

Cisco ASA version 9.1 NAT/FIREWALL help

I want to forward ports 22609 and 8080 to my internal DVR. I have a single static public IP address. I can't seem to get anything to hit my ACL rules, and NAT doesn't appear to be working. I want any request coming into 1.1.1.1:8080 to go to 192.168.0.100:8080, and the same for the other port: anything from the internet to 1.1.1.1:22609 should go to 192.168.0.100:22609.

ASA Version 9.1(5) 
!
hostname FW1

xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny udp any4 any4 eq domain

names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.252 
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.15.1.254 255.255.0.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 10.5.1.1 255.255.255.0 
!
interface Ethernet0/3
 nameif Security
 security-level 75
 ip address 192.168.0.1 255.255.255.0 
!
interface Management0/0
 no nameif
 no security-level
 ip address 192.168.1.1 255.255.255.0 
!
boot system disk0:/asa915-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid

object service exacq-tcp
 service tcp destination eq 22609 
object network Security-Internal
 subnet 192.168.0.0 255.255.255.0
object service alternate-web-port
 service tcp destination eq 8080 
object network Public-IP
 host 1.1.1.1
object network DVR-Private
 host 192.168.0.100
object network STATIC-PAT-INTERFACE-TCP22609
 host 192.168.0.100
object network HOST-192.168.0.100-22609
 host 192.168.0.100
object-group network DEFAULT-PAT-SOURCE
 network-object 192.168.0.0 255.255.255.0
 network-object 10.15.0.0 255.255.0.0
 network-object 10.5.1.0 255.255.255.0
access-list outside_access_in extended permit tcp any interface outside eq 22609 
access-list outside_access_in extended permit ip any any 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu Security 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-722.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network STATIC-PAT-INTERFACE-TCP22609
 nat (Security,outside) static interface service tcp 22609 22609 
!
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1 
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
http server enable
http 10.15.0.0 255.255.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.15.0.0 255.255.0.0 Inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access Inside
dhcpd dns 8.8.8.8 8.8.4.4
!
dhcpd dns 8.8.8.8 8.8.4.4 interface Inside
dhcpd lease 86400 interface Inside
!
dhcpd address 10.5.1.5-10.5.1.254 DMZ
dhcpd dns 8.8.8.8 8.8.4.4 interface DMZ
dhcpd lease 86400 interface DMZ
dhcpd enable DMZ
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.05178-k9.pkg 1
 anyconnect enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
  inspect icmp 
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
:end


ASKER CERTIFIED SOLUTION
Pete Long

This solution is only available to members.
BluJ

ASKER

I have made the requested changes, but I still cannot get the exacq client (DVR) to connect externally. I have had these exact rules at one point.

ASA Version 9.1(5) 
!
hostname FW1
domain-name default.domain.invalid
enable password f1.dbpN3WOaY0kNs encrypted
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.252 
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.15.1.254 255.255.0.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 10.5.1.1 255.255.255.0 
!
interface Ethernet0/3
 nameif Security
 security-level 75
 ip address 192.168.0.1 255.255.255.0 
!
interface Management0/0
 no nameif
 no security-level
 ip address 192.168.1.1 255.255.255.0 
!
boot system disk0:/asa915-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
object network Security-Internal
 subnet 192.168.0.0 255.255.255.0
object network Internal_Server-22609
 host 192.168.0.100
object network Internal_Server-8080
 host 192.168.0.100
object-group service BL_22609
 service-object tcp destination eq 22609 
object-group network DEFAULT-PAT-SOURCE
 network-object 192.168.0.0 255.255.255.0
 network-object 10.15.0.0 255.255.0.0
 network-object 10.5.1.0 255.255.255.0
access-list outside_access_in extended permit tcp any object Internal_Server-22609 eq 22609 
access-list outside_access_in extended permit tcp any object Internal_Server-8080 eq 8080 
access-list outside_access_in extended permit ip any any 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu Security 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-722.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,outside) source dynamic PKP-Internal interface inactive
nat (Security,outside) source dynamic Security-Internal interface inactive
nat (DMZ,outside) source dynamic any interface inactive
!
object network Internal_Server-22609
 nat (Security,outside) static interface service tcp 22609 22609 
object network Internal_Server-8080
 nat (Security,outside) static interface service tcp 8080 8080 
!
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1 
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
http server enable
http 10.15.0.0 255.255.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.15.0.0 255.255.0.0 Inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access Inside
dhcpd dns 8.8.8.8 8.8.4.4
!
dhcpd dns 8.8.8.8 8.8.4.4 interface Inside
dhcpd lease 86400 interface Inside
!
dhcpd address 10.5.1.5-10.5.1.254 DMZ
dhcpd dns 8.8.8.8 8.8.4.4 interface DMZ
dhcpd lease 86400 interface DMZ
dhcpd enable DMZ
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.05178-k9.pkg 1
 anyconnect enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
  inspect icmp 
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1fc2e506e1f2fdaa5b87a41663594f6f
: end



ASKER

I am also not seeing any hits on the ACLs at all, other than on the permit ip any any.

>>access-list outside_access_in extended permit ip any any

Remove that, why disable your firewall for inbound traffic?

Step 1: make sure the server is listening on those ports internally (you would be surprised).
Step 2: scan your firewall to check if the port is up.

Make sure you can 'ping' your ASA public IP (in case there's a device in front of it blocking these ports).

The syntax I posted above has worked for me on hundreds of clients for the past few years.

Pete

ASKER

This worked. I had not disabled one of the original NAT rules I had marked as inactive after I made the change! Thanks.
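As an added example (it is neither the asker's posted config nor Pete Long's hidden answer), here is the minimal form the two-port forward takes on ASA 9.1, with the stale manual NAT line removed rather than left inactive, the catch-all "permit ip any any" dropped, and the CLI checks that show whether the NAT and ACL are actually being hit. Interface names, the DVR address 192.168.0.100, the public address 1.1.1.1 and the object-group DEFAULT-PAT-SOURCE come from the thread; the object names DVR-22609 and DVR-8080 and the 203.0.113.10 source address used in packet-tracer are constructed for the example. Note that since ASA 8.3 the inbound ACL is evaluated against the real (untranslated) destination, which is why it names the internal host object and not "interface outside" as the first posted config did.

```cisco
! Added example, not the configuration from the thread. Names DVR-22609 and
! DVR-8080 are constructed; 203.0.113.10 is a constructed test source address.
!
! 1. One real-host object per forwarded port, each carrying its own object NAT.
!    "interface" maps the service onto the outside interface address (1.1.1.1),
!    so no separate object for the public IP is needed.
object network DVR-22609
 host 192.168.0.100
 nat (Security,outside) static interface service tcp 22609 22609
object network DVR-8080
 host 192.168.0.100
 nat (Security,outside) static interface service tcp 8080 8080
!
! 2. Inbound ACL on the REAL destination address (ASA 8.3+ behaviour).
!    Only the two forwarded ports are permitted; there is no trailing
!    "permit ip any any", so everything else inbound is dropped and logged.
access-list outside_access_in extended permit tcp any object DVR-22609 eq 22609
access-list outside_access_in extended permit tcp any object DVR-8080 eq 8080
access-group outside_access_in in interface outside
!
! 3. Leftover manual (section 1) NAT lines from earlier attempts are removed
!    outright instead of being marked inactive. Use the line exactly as it
!    appears in "show running-config nat" (this one is the asker's).
no nat (Security,outside) source dynamic Security-Internal interface inactive
!    Outbound PAT for all internal networks stays in section 3 (after-auto),
!    which is evaluated after the object NAT above, so the DVR's static
!    translation is always matched first.
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
!
! 4. Verification from the ASA CLI.
!    Walk a synthetic inbound SYN through NAT and the ACL; the output should
!    end with "Action: allow" and show the untranslate to 192.168.0.100/22609.
packet-tracer input outside tcp 203.0.113.10 40000 1.1.1.1 22609
packet-tracer input outside tcp 203.0.113.10 40001 1.1.1.1 8080
!    Static PAT installed, with translate_hits / untranslate_hits counters
show nat detail
!    Hit counts on the two permit lines should rise when a client connects
show access-list outside_access_in
!    Live translations and connections involving the DVR
show xlate
show conn address 192.168.0.100
```

Run the two packet-tracer commands first: if they report "Action: allow" with the correct untranslation but a real client still cannot connect, the problem is outside the ASA (Pete's steps 1 and 2: the DVR not listening, or an upstream device in front of the ASA), whereas a "drop" with an ACL or NAT reason points back at the rules above.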