ACL allow port range - ASA 5505

Feb 19th, 2009

Is there a command to allow a range of ports or all ports to pass through? I can allow individual ports with an eq statement (eq smtp, eq 3389, etc.), but I need to allow a wide range (or all) from one specific IP address through to one specific server. Thanks.

philiechang Thu, 02/19/2009 - 15:44

Yes, you can use the range command.

e.g.:

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000

jdrose_2 Fri, 02/20/2009 - 05:52

Thanks! Just curious - is there a command to allow all ports or do you just need to expand the range to include all?

acomiskey Fri, 02/20/2009 - 09:43

For all tcp ports just do...


access-list dmz_access_in extended permit tcp host WEB host EXT-WEB


or all udp ports...


access-list dmz_access_in extended permit udp host WEB host EXT-WEB


or both


access-list dmz_access_in extended permit ip host WEB host EXT-WEB
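
Added example (not part of the original thread or any poster's code): a small Python audit that parses ASA extended ACL entries in the form shown above and reports the destination port scope of each permit, so that port-less `tcp`, `udp` and `ip` entries stand out in a rule review. The `eq smtp` sample line and all function names are constructed for illustration, and only the `any`, `host X` and `network mask` address forms are handled.

```python
import re

# Constructed sample (WEB / EXT-WEB are name aliases defined elsewhere in the config).
SAMPLE_ACL = """\
access-list dmz_access_in extended permit tcp host WEB host EXT-WEB eq smtp
access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000
access-list dmz_access_in extended permit tcp host WEB host EXT-WEB
access-list dmz_access_in extended permit udp host WEB host EXT-WEB
access-list dmz_access_in extended permit ip host WEB host EXT-WEB
"""

PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count
ACE_RE = re.compile(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.+)")

def take_addr(tokens):
    """Consume one address spec: 'any', 'host X' or 'network mask' (assumed forms)."""
    n = 1 if tokens[:1] in (["any"], ["any4"], ["any6"]) else 2
    return " ".join(tokens[:n]), tokens[n:]

def take_port(tokens):
    """Consume an optional port qualifier; None means no port restriction."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        return " ".join(tokens[:n]), tokens[n:]
    return None, tokens

def parse_ace(line):
    """Split one extended ACE into fields, or return None if the line is not one."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    acl, action, proto, rest = m.groups()
    src, tokens = take_addr(rest.split())
    _sport, tokens = take_port(tokens)      # optional source-port qualifier
    dst, tokens = take_addr(tokens)
    dport, _ = take_port(tokens)            # optional destination-port qualifier
    return {"acl": acl, "action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def port_scope(ace):
    """Describe the destination ports an entry covers."""
    if ace["proto"] == "ip":        # ip matches every IP protocol, so no port filter applies
        return "all protocols and ports"
    if ace["dport"] is None:        # tcp/udp with no operator matches every port
        return f"all {ace['proto']} ports"
    return f"{ace['proto']} {ace['dport']}"

def audit(text):  # returns (src, dst, scope) for every permit entry in text
    aces = (parse_ace(line) for line in text.splitlines())
    return [(a["src"], a["dst"], port_scope(a)) for a in aces if a and a["action"] == "permit"]
```

Calling `audit(SAMPLE_ACL)` returns one tuple per permit entry; entries whose scope begins with "all" are the ones to justify during a firewall rule review.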
