'any' destination port on access-list

Unanswered Question
Jan 3rd, 2009

I am looking for an option that allows me to use the 'ANY' keyword for the destination port on an extended access-list. With and without object-group, I don't see any such option on the ASA. I can only see port-object range 0-65535 that can be used for this purpose. Is that how it should be?

godinerik Sat, 01/03/2009 - 22:44


I'm going to assume here you're trying to allow either TCP or UDP connections, but not both.

In the case you'd like to allow TCP connections on any ports, without using an object-group you can do:

access-list acl-inbound extended permit tcp any any

In the above example, you would be allowing TCP connections from any source host to any destination host, regardless of what port they're coming from. Of course, source/destination can be replaced by IPs and tcp can be substituted with udp.

