
ACL allow port range - ASA 5505

jdrose_2
Level 1

Is there a command to allow a range of ports or all ports to pass through? I can allow individual ports with an eq statement (eq smtp, eq 3389, etc.), but I need to allow a wide range (or all) from one specific IP address through to one specific server. Thanks.


philiechang
Level 1

Yes, you can use the range command.

E.g.:

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000

Thanks! Just curious - is there a command to allow all ports or do you just need to expand the range to include all?

For all tcp ports just do...

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB

or all udp ports...

access-list dmz_access_in extended permit udp host WEB host EXT-WEB

or both

access-list dmz_access_in extended permit ip host WEB host EXT-WEB
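
The entry forms from the replies above, run through a small audit script that reports how many destination ports each line opens. This is an added example, not part of the original thread; the audit function, its helpers and its output fields are hypothetical names, and only the address and port-operator forms noted in the comments are parsed.

```python
# Added example: score how much each ASA extended ACL entry opens up.
# Parses only "any" / "host X" / "addr mask" addresses; object-groups and
# named ports in range/lt/gt are not handled (assumption of this sketch).
ALL_PORTS = 65536  # TCP/UDP ports 0-65535
OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count

def _take_addr(tok):
    """Consume one address spec from the front of the token list."""
    if tok[0] in ("any", "any4", "any6"):
        return tok.pop(0)
    return f"{tok.pop(0)} {tok.pop(0)}"  # "host X" or "address mask"

def _take_ports(tok):
    """Consume an optional port operator; return how many ports it matches."""
    if not tok or tok[0] not in OPS:
        return ALL_PORTS  # no operator means every port
    op = tok.pop(0)
    args = [tok.pop(0) for _ in range(OPS[op])]
    if op == "eq":
        return 1
    if op == "neq":
        return ALL_PORTS - 1
    if op == "range":
        return int(args[1]) - int(args[0]) + 1  # range is inclusive
    n = int(args[0])
    return n if op == "lt" else ALL_PORTS - 1 - n  # lt: 0..n-1, gt: n+1..65535

def audit(line):
    """Return a summary dict for one 'access-list ... extended ...' line."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("not an extended access-list entry")
    name, action, proto, rest = tok[1], tok[3], tok[4], tok[5:]
    src = _take_addr(rest)
    _take_ports(rest)  # a source-port operator, if present, is skipped
    dst = _take_addr(rest)
    ports = _take_ports(rest) if proto in ("tcp", "udp") else None
    # "ip" matches every IP protocol (ICMP, ESP, ...), not only TCP and UDP.
    broad = action == "permit" and (proto == "ip" or ports == ALL_PORTS)
    return {"acl": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "dst_ports": ports, "broad": broad}

if __name__ == "__main__":
    # The thread's entries plus one constructed single-port line for contrast.
    for entry in (
        "access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000",
        "access-list dmz_access_in extended permit tcp host WEB host EXT-WEB",
        "access-list dmz_access_in extended permit ip host WEB host EXT-WEB",
        "access-list dmz_access_in extended permit tcp host WEB host EXT-WEB eq smtp",
    ):
        print(audit(entry))
```

Entries flagged broad are the ones worth revisiting when the service behind the server only needs a handful of ports.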
