04-13-2008 02:19 PM - edited 03-11-2019 05:30 AM
I need to open ports 6464, 7575 and 443 in my Cisco ASA 5505 so that techs in our office can access a hospital's Stentor Isight... Please help with abc steps.
04-13-2008 07:02 PM
If your techs are inside your LAN behind the asa5505 firewall and are trying to connect to an outside server in another location over the internet, you don't need to open up these ports for outbound connections.
On the other hand, if you are hosting a Stentor server behind the asa5505 firewall and want to provide access for outsiders to the hosting server on the ports mentioned in your post, this can be done as follows in the firewall.
1- Public IP for a one-to-one NAT for the local server so that it can be accessible over the internet.
2- Configure firewall tcp service ports
3- Configure firewall access rules
E.g., assume:
1- Public IP is 20.20.20.20, Local Stentor IP 10.10.10.10, server sitting inside LAN.
static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255
2- Configure TCP service group
object-group service Stent_server tcp
port-object eq 6464
port-object eq 7575
port-object eq https
3- Configure access list and apply to outside interface
access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_server
access-group outside_access_in in interface outside
HTH
Rgds
Jorge
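Added example, not part of the original thread: a Python check (hypothetical helper `audit_asa_config`) over ASA configuration text shaped like the post above. It reports access-list entries that reference an object-group that is never defined, and inbound permits whose source is `any`; the sample config is constructed, and the `any` check is an added review point the thread does not discuss.

```python
import re

# Constructed sample config modelled on the post's example; the second ACL
# line deliberately references a group name that is never defined.
SAMPLE_CONFIG = """\
static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255
object-group service Stent_server tcp
 port-object eq 6464
 port-object eq 7575
 port-object eq https
access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_server
access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_serve
access-group outside_access_in in interface outside
"""

GROUP_DEF = re.compile(r"^object-group\s+\S+\s+(\S+)")
ACL_LINE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.*)$")
ACL_BIND = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit_asa_config(text):
    """Return (line_number, finding) tuples for ACL entries worth a second look."""
    lines = [l.strip() for l in text.splitlines()]
    defined = {m.group(1) for l in lines if (m := GROUP_DEF.match(l))}
    # ACL names applied inbound on an interface, e.g. outside_access_in -> outside
    inbound = {m.group(1): m.group(2) for l in lines if (m := ACL_BIND.match(l))}
    findings = []
    for num, line in enumerate(lines, start=1):
        m = ACL_LINE.match(line)
        if not m:
            continue
        name, action, _proto, rest = m.groups()
        tokens = rest.split()
        # Every "object-group NAME" reference must resolve to a defined group.
        for i, tok in enumerate(tokens[:-1]):
            if tok == "object-group" and tokens[i + 1] not in defined:
                findings.append((num, f"undefined object-group {tokens[i + 1]}"))
        # A permit whose source is "any" on an inbound ACL exposes the
        # service to every address that can reach the interface.
        if action == "permit" and tokens[:1] == ["any"] and name in inbound:
            findings.append((num, f"permit from any on {inbound[name]} interface"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_asa_config(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```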
04-13-2008 10:38 PM
Thank you. This was very informative. However, I wonder why the IT guy at the hospital's radiology department was so definitive about needing to open those outlined ports. I plan to speak with him in the morning. I believe he mentioned something about needing to have both outbound and inbound connections...
04-14-2008 12:31 PM
Like I said, outbound does not need to be permitted, unless you explicitly block outbound traffic in your firewall. Once a source attempts a connection to a destination host outside the fw, the TCP three-way handshake is established and communication between source and destination host flows.
In any case, post your findings/update.
Rgds
Jorge