Forward a range of ports ASA 7.2

Unanswered Question
Dec 12th, 2007
User Badges:

Need to forward a range of ports from the outside to the inside. I have statics in there and ACLs that are forwarding one port per ACL. Now I have a VOIP adapter and it wants a range of ports forwarded to it.

Thanks everyone

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cpembleton Wed, 12/12/2007 - 19:47
User Badges:
  • Silver, 250 points or more

You need to create a service object-group with the range needed. In your inbound ACL you use the object-group instead of the port.

Service object-group


object-group service VOIP udp

port-object range 1000 2000

access-list outside->inside permit udp any external_IP object-group VOIP

Hope this helps!


Please rate if helpful.

srue Wed, 12/12/2007 - 20:15
User Badges:
  • Blue, 1500 points or more


access-list outside_acl permit tcp any host x.x.x.x range 1-10

as an example...

unless you're going to reuse the object-group in another acl entry, you dont need it.

Massimo Baschieri Wed, 12/12/2007 - 22:18
User Badges:

Hope You don't mind if I join the discussion...

Ok for the access list use of object groups and range options, this takes care of the filter issue and surely works if you have a static nat statement, but what if you have port forwarding instead of static nat, is there a similar "trick" in order to forward a entire range of ports in a single statement?




This Discussion