Newb question - How do I open port 443 on ASA 5510

May 11th, 2007

Just got a new ASA 5510 and I am having a hard time letting any traffic through. I can ping the outside interface but none of the ports are open.

Ethernet0/0 outside

Ethernet0/1 inside

The nic on my iis server is

This is about as far as I have gotten. I have been using the ASDM so far. I have tried everything I can think of. Static routes (not even really sure if I need this), inside outside security policies.

I posted the code below. Thanks,


asdm image disk0:/asdm506.bin

asdm location server inside

no asdm history enable

: Saved


ASA Version 7.0(6)


hostname badgernetcisco



name server



interface Ethernet0/0

nameif outside

security-level 0

ip address


interface Ethernet0/1

nameif inside

security-level 100

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

ip address



ftp mode passive

object-group service www tcp-udp

port-object eq www

access-list outside_access_in extended permit tcp interface outside eq https interface inside eq https

access-list outside_access_out extended permit tcp interface inside eq https interface outside eq https

pager lines 24

logging asdm informational

mtu management 1500

mtu outside 1500

mtu inside 1500

no failover

monitor-interface management

monitor-interface outside

monitor-interface inside

asdm image disk0:/asdm506.bin

no asdm history enable

arp timeout 14400

nat (management) 0

access-group outside_access_in in interface outside

access-group outside_access_out out interface outside

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address management

dhcpd address server- inside

dhcpd dns 216.x.x.192

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

dhcpd enable inside


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


Overall Rating: 5 (1 ratings)


Take a look at the following document to assist; it explains how to allow SMTP traffic with the mail server on the inside network.

But the principle for allowing HTTPS (port 443) is the same....


access-list https_in extended permit tcp any host eq https

access-group https_in in interface outside

static (inside,outside) netmask

Save and also issue - clear xlate.

PS. Advisable that you start from a fresh configuration as the posted configuration looks a bit messy :)

Hope it helps and please rate posts if it does - good luck, let us know if you need any further help.
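
An added example, not part of the thread or of the linked document: the commands from the reply above written out for the pre-8.3 software the poster runs (7.0), next to the rule from the posted configuration. The addresses 192.0.2.10 (public) and 10.0.0.10 (IIS server) are constructed placeholders, since the thread's addresses are blanked out, and the port-specific static is a narrower variant of the reply's one-to-one static.

```cisco
! Constructed placeholder addresses (not from the thread):
!   192.0.2.10 = public (mapped) address, 10.0.0.10 = IIS server (real) address

! Rule from the posted config, shown for comparison only. "interface outside"
! and "interface inside" mean the firewall's own interface addresses, and the
! first "eq https" is a SOURCE port, so a browser connecting from an Internet
! address with a random source port never matches it:
!   access-list outside_access_in extended permit tcp interface outside eq https interface inside eq https

! 1. Translate only TCP/443 of the public address to the server.
!    If the public address is the outside interface's own address, use the
!    keyword "interface" in place of 192.0.2.10.
static (inside,outside) tcp 192.0.2.10 https 10.0.0.10 https netmask 255.255.255.255

! 2. Permit any source to the mapped address on destination port 443.
!    Before 8.3 the outside ACL is written against the translated (public)
!    address, not the server's inside address.
access-list https_in extended permit tcp any host 192.0.2.10 eq https

! 3. Bind the ACL inbound on outside. Only one ACL applies per interface and
!    direction, so this replaces outside_access_in.
access-group https_in in interface outside

! 4. The posted config also binds an outbound ACL on outside whose single
!    permit has the same shape as the rule above. Its implicit deny blocks
!    new connections leaving through outside, so unbind it unless egress
!    filtering is intended.
no access-group outside_access_out out interface outside

! 5. Flush stale translations, then verify. The hit counter on the ACL entry
!    should increase when a client connects to https://192.0.2.10/.
clear xlate
show running-config static
show xlate
show access-list https_in
```

The port-specific static exposes nothing but TCP/443 even if the ACL is later widened by mistake, which the one-to-one static does not guarantee.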


lonnycisco Sun, 05/13/2007 - 10:20


I entered the first 3 commands

access-list https_in extended permit tcp any host eq https

access-group https_in in interface outside

static (inside,outside) netmask

then I submitted. There was a warning error.

Then I could not use the ASDM interface anymore; most parts were blanked out.

Then I tried a clear config command.

Now I can't get in to asdm and it is not assigning dhcp anymore.

Any ideas? I can't get to the server to do a hard reset on the firewall.


