Open Port on ASA 5510

KARUPPUCHAMY MA... Tue, 03/16/2010 - 22:55


Is the user trying to access this application from outside your network? If yes, write an extended ACL and apply that ACL to your outside interface:

access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]


access-list 101 permit tcp host host eq telnet 


KARUPPUCHAMY MA... Tue, 03/16/2010 - 23:28


What is the source IP and where does it reside (inside your firewall or outside)?

What is the destination IP and where does it reside (inside your firewall or outside)?

Not able to understand your questions...



KARUPPUCHAMY MA... Wed, 03/17/2010 - 18:16


If you are using Cisco firewalls PIX515/525/533 or ASA, then the default rule is that everything is permitted from a high security level interface (inside) to a low security level interface (outside). No need to add any access list to access anything from your inside to outside.

But you should have a proper NAT configuration in your firewall.

If you need more help, then paste your running configuration.



Kureli Sankar Thu, 03/18/2010 - 18:57

To make your accessible via RDP you need to configure static

1. static (i,o) tcp interface 3389 3389 net

2. Also provide permission via an ACL on the outside interface to allow traffic destined to your interface IP.

I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall

Example: any IP to access IP 61.x.x.x on port 6999.

For the above you don't need anything if you do not have an inside access-list applied IN on the inside interface. If you do have an ACL applied on the inside interface, then you need to permit this flow.

access-list inside-acl permit tcp any host 61.x.x.x eq 6999
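
Added example, not part of the original replies: the two RDP steps above written out for pre-8.3 ASA software (the static syntax used in this thread), with a source-restricted ACL shown beside the wide-open form and the commands to verify the flow. The inside host 192.168.1.10, outside interface IP 198.51.100.2, remote admin address 203.0.113.25 and the ACL name outside_in are all assumed placeholder values.

```cisco
! Constructed example; all addresses and the ACL name are placeholders.

! --- configuration mode ---

! 1. Port-forward TCP 3389 on the outside interface address to the inside host
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255

! 2a. Weak form (left commented out): opens RDP to every source on the Internet
! access-list outside_in extended permit tcp any interface outside eq 3389

! 2b. Tighter form: permit only the known remote address
access-list outside_in extended permit tcp host 203.0.113.25 interface outside eq 3389

! Bind the ACL inbound on the outside interface
access-group outside_in in interface outside

! --- privileged EXEC mode ---

! 3. Simulate the inbound flow; the result should show the ACL permit and the UN-NAT step
packet-tracer input outside tcp 203.0.113.25 1025 198.51.100.2 3389

! 4. Confirm the static PAT entry and watch the hit count on the ACL line
show xlate
show access-list outside_in
```

Running packet-tracer again with a source other than 203.0.113.25 should end in a drop at the access-list phase, which confirms the restriction is in effect.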


