Forward a range of ports ASA 7.2

rpitchford · ‎12-12-2007

Need to forward a range of ports from the outside to the inside. I have statics in there and ACLs that are forwarding one port per ACL. Now I have a VOIP adapter and it wants a range of ports forwarded to it.

Thanks everyone

cpembleton · ‎12-12-2007

You need to create a service object-group with the range needed. In your inbound ACL you use the object-group instead of the port.

Service object-group

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/traffic.html#wp1042251

Example:

object-group service VOIP udp

port-object range 1000 2000

access-list outside->inside permit udp any external_IP object-group VOIP

Hope this helps!

Chad

Please rate if helpful.

srue · ‎12-12-2007

or...

access-list outside_acl permit tcp any host x.x.x.x range 1-10

as an example...

unless you're going to reuse the object-group in another acl entry, you dont need it.

Massimo Baschieri · ‎12-12-2007

Hope You don't mind if I join the discussion...

Ok for the access list use of object groups and range options, this takes care of the filter issue and surely works if you have a static nat statement, but what if you have port forwarding instead of static nat, is there a similar "trick" in order to forward a entire range of ports in a single statement?

Tnx,

Max.