Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
0
Helpful
3
Replies

Open Ports

L02731619z
Level 1
Level 1

‎04-13-2008 02:19 PM - edited ‎03-11-2019 05:30 AM

I need to open ports 6464, 7575 and 443 in my Cisco ASA 5505 so that techs in our office can access a hospitals Stentor Isight...Please help with abc steps.

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎04-13-2008 07:02 PM

If your techs are inside your LAN behind asa5505 firewall and are trying to connect to and outside server out in another location over internet you don't need to open up these ports for outbound connections.

On the other hand, if you are hosting a Stentor server behind asa5505 firewall and want to provide access for outsiders to access the hosting server on ports mentioned in your post this can be done as follows in firewall.

1- Piblic IP for a one-to-one NAT for local server so that can be accessible over internet.

2- Configure firewall tcp service ports

3- Configure firewall access rules

e.i assume

1- Public IP is 20.20.20.20, Local Stentor IP 10.10.10.10, server seating inside LAN.

static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255

2- Configure TCP service group

object-group service Stent_server tcp

port-object eq 6464

port-object eq 7575

port-object eq https

3- Configure access list and apply to outside interface

access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_serve

access-group outside_access_in in interface outside

HTH

Rgds

Jorge

Jorge Rodriguez
0 Helpful

L02731619z
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎04-13-2008 10:38 PM

Thank you. This was very informative However, I wonder why the IT guy at the hospital's radiology department was so definative about needing to open those outlined ports. I plan to speak with him in the morning. I believe he mentioned something about needing to have both outbound and inbound connections...

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to L02731619z

‎04-14-2008 12:31 PM

Like I said, outbound does not need to be permitted, unless you explicetly block outbound traffic in your firewall, once a source atempts a connection to a destination hosts outside fw tcp three way handchake is stablished and comminication between source and destination host flows.

In any case, post your findings/update.

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card