Need to open ports in ASA5510

Answered Question
May 17th, 2010

We are setting up a security camera system, so we would like to open inbound ports 80 and 443. Also, how do you reserve an IP address in a DHCP scope and create NAT between a private IP address and a public IP address? I am new at this, so can you please help me with the entries?

Correct Answer
Jennifer Halim Mon, 05/17/2010 - 20:33

How many public IP addresses do you have? Are you using the outside interface IP address for NATing, or do you have a spare public IP address for the web camera NATing?

If your camera is connected to the inside interface and has, for example, an IP address of 10.1.1.5, and you only have 1 public IP address assigned to your outside interface, then you can configure the following:

static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255

static (inside,outside) tcp interface 443 10.1.1.5 443  netmask 255.255.255.255

However, if you have a spare public IP address to use, you can configure 1-to-1 NATing for your web camera. Assuming your spare public IP address is 100.1.1.5:


static (inside,outside) 100.1.1.5 10.1.1.5 netmask 255.255.255.255

To allow inbound access, you would need to configure an access-list. Double check whether an access-list is already assigned to the outside interface: sh run access-group.

If an ACL is already assigned, use the same ACL name to add the above access.

Example:

access-list outside-acl permit tcp any interface outside eq 80

access-list outside-acl permit tcp any interface outside eq 443

OR:

access-list outside-acl permit tcp any host 100.1.1.5 eq 80

access-list outside-acl permit tcp any host 100.1.1.5 eq 443

Hope that helps.
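
Added example, not part of the answer above: a small Python check that reads a saved running-config and ties each static PAT forward to a permit in the ACL actually bound to the outside interface by access-group. It reports forwards that are translated but not permitted and notes which ones are open to any source. The sample config is constructed, the `other-acl` name is hypothetical, and the check covers only the pre-8.3 `static (inside,outside) tcp` form used in this thread.

```python
import re

# Services the ASA prints by name in "show run" rather than by number.
PORT_NAMES = {"www": "80", "https": "443"}
STATIC_PAT = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+)")
ACCESS_GROUP = re.compile(r"access-group (\S+) in interface outside")
ACL_PERMIT = re.compile(
    r"access-list (\S+) (?:extended )?permit tcp (any|host \S+|\S+ \S+) "
    r"(interface outside|host \S+) eq (\S+)")

# Constructed sample: the 443 permit sits in an ACL that is not bound to outside.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface www 10.1.1.5 www netmask 255.255.255.255
static (inside,outside) tcp interface https 10.1.1.5 https netmask 255.255.255.255
access-list outside-acl extended permit tcp any interface outside eq www
access-list other-acl extended permit tcp any interface outside eq https
access-group outside-acl in interface outside
"""

def port(p):
    return PORT_NAMES.get(p, p)

def audit(config):
    """Return (kind, forward) findings for static PAT entries on the outside interface."""
    lines = [l.strip() for l in config.splitlines()]
    bound = next((m.group(1) for l in lines if (m := ACCESS_GROUP.match(l))), None)
    permits = {}  # (destination, port) -> source, from the bound ACL only
    for l in lines:
        m = ACL_PERMIT.match(l)
        if m and m.group(1) == bound:
            dest = "interface" if m.group(3) == "interface outside" else m.group(3).split()[1]
            permits[(dest, port(m.group(4)))] = m.group(2)
    findings = []
    for l in lines:
        m = STATIC_PAT.match(l)
        if not m:
            continue
        key = (m.group(1), port(m.group(2)))
        forward = f"{key[0]}:{key[1]} -> {m.group(3)}:{port(m.group(4))}"
        if bound is None:
            findings.append(("no-acl-bound", forward))  # nothing applied inbound on outside
        elif key not in permits:
            findings.append(("no-permit", forward))     # translated but still blocked
        elif permits[key] == "any":
            findings.append(("any-source", forward))    # reachable from every source address
    return findings

if __name__ == "__main__":
    for kind, forward in audit(SAMPLE_CONFIG):
        print(kind, forward)
```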

lawsuites Mon, 05/17/2010 - 20:39

Thank you very much for the quick response; this is exactly what I was looking for. Let me try it and I will provide an update.
