ACL allow port range - ASA 5505

Unanswered Question
Feb 19th, 2009

Is there a command to allow a range of ports or all ports to pass through? I can allow individual ports with an eq statement (eq smtp, eq 3389, etc.), but I need to allow a wide range (or all) from one specific IP address through to one specific server. Thanks.

philiechang Thu, 02/19/2009 - 15:44

Yes, you can use the range command.

eg:

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000

jdrose_2 Fri, 02/20/2009 - 05:52

Thanks! Just curious - is there a command to allow all ports or do you just need to expand the range to include all?

acomiskey Fri, 02/20/2009 - 09:43

For all tcp ports just do...

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB

or all udp ports...

access-list dmz_access_in extended permit udp host WEB host EXT-WEB

or both

access-list dmz_access_in extended permit ip host WEB host EXT-WEB
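
For reviewing how much each rule form in this thread opens, here is an added example (not part of the original thread or any Cisco tool) that parses host-to-host access-list lines in the forms shown above and reports permits wider than a threshold. The function names, the short port-keyword table, the threshold and the sample configuration are assumptions made for illustration.

```python
import re

# Subset of ASA port keywords (assumption: extend for your own configs).
NAMED_PORTS = {"ssh": 22, "smtp": 25, "www": 80, "https": 443}

# Matches only the host-to-host extended form used in this thread.
ACE = re.compile(
    r"access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>tcp|udp|ip)\s+host\s+(?P<src>\S+)\s+host\s+(?P<dst>\S+)"
    r"(?:\s+(?P<op>eq|range)\s+(?P<args>\S+(?:\s+\S+)?))?\s*$"
)

def parse_ace(line):
    """Parse one entry; 'ports' is (low, high), or None for protocol ip."""
    m = ACE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported ACL line: {line!r}")
    ace = m.groupdict()
    op, args = ace.pop("op"), (ace.pop("args") or "").split()
    if len(args) != {"eq": 1, "range": 2}.get(op, 0) or (op and ace["proto"] == "ip"):
        raise ValueError(f"bad port specification: {line!r}")
    nums = [NAMED_PORTS[a] if a in NAMED_PORTS else int(a) for a in args]
    if nums and not 0 <= nums[0] <= nums[-1] <= 65535:
        raise ValueError(f"port out of order or out of range: {line!r}")
    if ace["proto"] == "ip":
        ace["ports"] = None                 # every IP protocol, no port filter
    elif op is None:
        ace["ports"] = (0, 65535)           # no operator: every port
    else:
        ace["ports"] = (nums[0], nums[-1])  # eq yields a one-port span
    return ace

def broad_permits(config, max_ports=100):
    """Return (line, reason) for permit entries wider than max_ports."""
    findings = []
    for line in filter(lambda l: l.strip().startswith("access-list"), config.splitlines()):
        ace = parse_ace(line)
        if ace["action"] != "permit":
            continue
        if ace["ports"] is None:
            findings.append((line.strip(), "all IP protocols"))
        elif (count := ace["ports"][1] - ace["ports"][0] + 1) > max_ports:
            findings.append((line.strip(), f"{count} {ace['proto']} ports"))
    return findings

# Constructed sample using the object names from the thread.
SAMPLE_CONFIG = """access-list dmz_access_in extended permit tcp host WEB host EXT-WEB eq smtp
access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000
access-list dmz_access_in extended permit udp host WEB host EXT-WEB
access-list dmz_access_in extended permit ip host WEB host EXT-WEB"""
```
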
