Open Port on ASA 5510

Unanswered Question
KARUPPUCHAMY MA... Tue, 03/16/2010 - 22:55

Hi,

Is the user trying to access this application from outside your network? If yes, write an extended ACL and apply that ACL to your outside interface:


access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]

Example:

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet 

Regards
Karuppu

KARUPPUCHAMY MA... Tue, 03/16/2010 - 23:28

Hi,

What is the source IP and where is it residing (inside your firewall or outside)?

What is the destination IP and where is it residing (inside your firewall or outside)?

Not able to understand your questions...

Regards

Karuppu

KARUPPUCHAMY MA... Wed, 03/17/2010 - 18:16

Hi,

If you are using Cisco firewalls PIX515/525/533 or ASA, then the default rule is that from a high security level interface (inside) to a low security level interface (outside) everything is permitted. No need to add any access list to access anything from your inside to outside.

But you should have a proper NAT configuration in your firewall.

If you need more help, then paste your running configuration.

Regards

Karuppu

Kureli Sankar Thu, 03/18/2010 - 18:57

To make your 192.168.0.254 accessible via RDP you need to configure static:

1. static (inside,outside) tcp interface 3389 192.168.0.254 3389 netmask 255.255.255.255

2. Also provide permission via an ACL on the outside interface to allow traffic destined to your interface IP.

I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall

example any ip 192.168.0.1/24 to access ip 61.x.x.x on port 6999.

For the above you don't need anything if you do not have an inside access-list applied IN on the inside interface. If you do have an ACL that you have applied on the inside interface, then you need to permit this flow.

access-list inside-acl permit tcp any host 61.x.x.x eq 6999

-KS
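
The two steps from the answer above written out as one configuration, as an added example that is not part of the original post. It assumes pre-8.3 ASA syntax (as the static command in the post implies), interfaces named inside and outside, a hypothetical ACL name outside_access_in, and 203.0.113.10 as a constructed address for a trusted remote admin.

```cisco
! Added example, not from the original thread. Pre-8.3 ASA syntax.
! Assumed: interfaces named "inside" and "outside".
! outside_access_in is a hypothetical ACL name.
! 203.0.113.10 is a constructed documentation address for a trusted admin host.

! Step 1 (from the post): forward TCP/3389 arriving on the outside
! interface IP to the internal host 192.168.0.254.
static (inside,outside) tcp interface 3389 192.168.0.254 3389 netmask 255.255.255.255

! Step 2, broad form: every outside host may reach RDP on the firewall IP.
! Shown commented out for comparison with the narrower rule below.
! access-list outside_access_in extended permit tcp any interface outside eq 3389

! Step 2, narrower form: only the known admin source may reach RDP.
! In pre-8.3 code the ACL destination is the translated address, here the
! outside interface IP, not the real address 192.168.0.254.
access-list outside_access_in extended permit tcp host 203.0.113.10 interface outside eq 3389

! Bind the ACL inbound on the outside interface. Without this line the
! access-list exists but filters nothing.
access-group outside_access_in in interface outside

! Outbound flow from the question: needed only when an ACL is already
! applied inbound on the inside interface. inside-acl is the name used in
! the post; 61.x.x.x stays elided as in the thread. The source is limited
! to the LAN subnet instead of "any".
access-list inside-acl extended permit tcp 192.168.0.0 255.255.255.0 host 61.x.x.x eq 6999

! Checks, run from privileged EXEC mode:
! the static PAT entry is present
show running-config static
! the permit line exists and its hitcnt increases when the admin connects
show access-list outside_access_in
! the ACL is bound to the outside interface
show running-config access-group
```

On 8.3 and later the NAT and ACL syntax differ, so this fragment applies only to the software generation the thread is using.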