Hello, and thanks for all the help.
What the issue boiled down to, I was creating the access list just
like the static command. Which means I was using the source and
destination ports when creating it. You just need the destination port,
actually because the firewall "catches" the packet on a different port
and un encapsulates the packet and passes it through. The different
port was causing the accesslist to reject the packet.
so this is what I had:
>access-list Etherpoint_access_in extended permit tcp any eq 5900 host
outside-ip eq 5900
This is what worked
>access-list Etherpoint_access_in extended permit tcp any host
outside-ip eq 5900
A complete example if anyone who needs it to route external request to
an internal host:
* access list to permit traffic in
access-list Etherpoint_access_in extended permit tcp any host
outside-ip eq 5900
*static command to setup the relationship form outside interface to
inside host
static (Inside,Etherpoint) tcp interface 5900 192.168.125.8 5900
netmask 255.255.255.255
* command to bind the accesslist to the outside interface
access-group Etherpoint_access_in in interface Etherpoint
Thanks again list
Bill Kruchas
Below is the full question and details.