Ports to be opened

Unanswered Question
Jul 18th, 2008

Hi, I use an ASA 5520. All my clients on my LAN just go out to the internet. I use ip any any on the outside interface of the ASA and I don't want to use it. Can you please tell me the default ports that are to be permitted? I know some; what else can be used?

www

ftp

ssh

3389 remote desktop service

Adam Frederick Fri, 07/18/2008 - 06:26

Any traffic from in to out is permitted by default, unless you apply an ACL.

Any traffic from out to in has to be permitted in an ACL if you have something that needs to be served to the web (i.e. ftp). You never want to permit ip any any from out to in!!

dhananjoy chowdhury Fri, 07/18/2008 - 07:06

Hi,

Some common ports would be

http, https, dns, ftp, 3389... but it is better to enable logging and capture traffic logs.

This will help you to build the access-lists for allowing traffic from inside LAN.

And like the other person has mentioned, put an ACL on the outside... allow only legitimate traffic from out to in.
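The log-driven approach suggested in the last reply, as an added example that is not part of the thread: the script tallies destination services from ASA connection-build messages (302013 for TCP, 302015 for UDP) and drafts an outbound ACL from them. The sample log lines are constructed, and the ACL name `INSIDE_OUT` and the `min_hits` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of ASA connection-build syslog
# messages; all addresses are from documentation/private ranges.
SAMPLE_LOG = """\
Jul 18 2008 07:10:01: %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.10/80 (198.51.100.10/80) to inside:192.168.1.20/51001 (203.0.113.5/51001)
Jul 18 2008 07:10:02: %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.11/80 (198.51.100.11/80) to inside:192.168.1.21/51002 (203.0.113.5/51002)
Jul 18 2008 07:10:03: %ASA-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.12/443 (198.51.100.12/443) to inside:192.168.1.20/51003 (203.0.113.5/51003)
Jul 18 2008 07:10:04: %ASA-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.13/443 (198.51.100.13/443) to inside:192.168.1.22/51004 (203.0.113.5/51004)
Jul 18 2008 07:10:05: %ASA-6-302015: Built outbound UDP connection 1005 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.20/51005 (203.0.113.5/51005)
Jul 18 2008 07:10:06: %ASA-6-302015: Built outbound UDP connection 1006 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.21/51006 (203.0.113.5/51006)
Jul 18 2008 07:10:07: %ASA-6-302013: Built outbound TCP connection 1007 for outside:198.51.100.66/6667 (198.51.100.66/6667) to inside:192.168.1.23/51007 (203.0.113.5/51007)
Jul 18 2008 07:10:08: %ASA-6-302013: Built inbound TCP connection 1008 for outside:198.51.100.99/40000 (198.51.100.99/40000) to inside:192.168.1.30/3389 (203.0.113.5/3389)
"""

# For an outbound connection the first address/port pair is the remote
# (destination) side, which is the service the LAN client is reaching.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for \S+?:(?P<ip>[\d.]+)/(?P<port>\d+) "
)

def count_outbound_services(log_text):
    """Return Counter keyed by (protocol, destination port) for outbound flows."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m and m["dir"] == "outbound":
            counts[(m["proto"].lower(), int(m["port"]))] += 1
    return counts

def suggest_acl(counts, acl_name="INSIDE_OUT", min_hits=2):
    """Draft permit lines for recurring services; rare ones go to manual review."""
    lines, review = [], []
    for (proto, port), hits in sorted(counts.items()):
        if hits >= min_hits:
            lines.append(f"access-list {acl_name} extended permit {proto} any any eq {port}")
        else:
            review.append((proto, port))
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines, review

if __name__ == "__main__":
    acl, review = suggest_acl(count_outbound_services(SAMPLE_LOG))
    print("\n".join(acl))
    print("review before permitting:", review)
```

Services seen only once are held back for a human decision rather than permitted automatically, and the closing logged deny keeps recording whatever the draft ACL misses.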
