Forward a range of ports ASA 7.2

Dec 12th, 2007
Need to forward a range of ports from the outside to the inside. I have statics in there and ACLs that are forwarding one port per ACL. Now I have a VOIP adapter and it wants a range of ports forwarded to it.


Thanks everyone

cpembleton Wed, 12/12/2007 - 19:47
You need to create a service object-group with the range needed. In your inbound ACL you use the object-group instead of the port.


Service object-group

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/traffic.html#wp1042251


Example:

object-group service VOIP udp
 port-object range 1000 2000

access-list outside->inside permit udp any host external_IP object-group VOIP


Hope this helps!

Chad


Please rate if helpful.
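
An added example (not part of the thread and not Cisco's own sample) that puts the pieces above together for ASA 7.2 with a one-to-one static NAT, where the ACL is the only thing limiting which ports reach the adapter. The addresses (203.0.113.10 public, 192.168.1.50 inside, 198.51.100.0/24 as the VoIP provider's network) and the ACL name outside_in are constructed placeholders; the port range is the one from the example above.

```cisco
! One-to-one static NAT: every port on the public address maps to the adapter,
! so the inbound ACL below decides what is actually reachable.
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255

! Port range the VoIP adapter needs (same range as the example above).
object-group service VOIP udp
 port-object range 1000 2000

! In 7.2 the ACL on the outside interface matches the public (mapped) address.
! Source is narrowed to the provider's network (placeholder) instead of "any",
! so the whole range is not open to the Internet at large.
access-list outside_in extended permit udp 198.51.100.0 255.255.255.0 host 203.0.113.10 object-group VOIP

! Bind the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside

! Check afterwards: per-entry hit counts show whether the range is matching.
! show access-list outside_in
```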

srue Wed, 12/12/2007 - 20:15

or...


access-list outside_acl permit tcp any host x.x.x.x range 1 10


as an example...

Unless you're going to reuse the object-group in another ACL entry, you don't need it.

Massimo Baschieri Wed, 12/12/2007 - 22:18

Hope you don't mind if I join the discussion...

OK for the access list use of object groups and range options; this takes care of the filter issue and surely works if you have a static NAT statement. But what if you have port forwarding instead of static NAT? Is there a similar "trick" to forward an entire range of ports in a single statement?

Tnx,

Max.
