Open Ports

Unanswered Question
Apr 13th, 2008

I need to open ports 6464, 7575 and 443 in my Cisco ASA 5505 so that techs in our office can access a hospitals Stentor Isight...Please help with abc steps.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Sun, 04/13/2008 - 19:02

If your techs are inside your LAN behind asa5505 firewall and are trying to connect to and outside server out in another location over internet you don't need to open up these ports for outbound connections.

On the other hand, if you are hosting a Stentor server behind asa5505 firewall and want to provide access for outsiders to access the hosting server on ports mentioned in your post this can be done as follows in firewall.

1- Piblic IP for a one-to-one NAT for local server so that can be accessible over internet.

2- Configure firewall tcp service ports

3- Configure firewall access rules

e.i assume

1- Public IP is, Local Stentor IP, server seating inside LAN.

static (inside,outside) netmask

2- Configure TCP service group

object-group service Stent_server tcp

port-object eq 6464

port-object eq 7575

port-object eq https

3- Configure access list and apply to outside interface

access-list outside_access_in extended permit tcp any host object-group Stent_serve

access-group outside_access_in in interface outside




L02731619z Sun, 04/13/2008 - 22:38

Thank you. This was very informative However, I wonder why the IT guy at the hospital's radiology department was so definative about needing to open those outlined ports. I plan to speak with him in the morning. I believe he mentioned something about needing to have both outbound and inbound connections...

JORGE RODRIGUEZ Mon, 04/14/2008 - 12:31

Like I said, outbound does not need to be permitted, unless you explicetly block outbound traffic in your firewall, once a source atempts a connection to a destination hosts outside fw tcp three way handchake is stablished and comminication between source and destination host flows.

In any case, post your findings/update.




This Discussion