
Need to open ports in ASA5510

lawsuites
Level 1

We are setting up a security camera system, so we would like to open inbound ports 80 and 443. Also, how do you reserve an IP address in a DHCP scope and create NAT between a private IP address and a public IP address? I am new at this, so can you please help me with the entries?

Accepted Solutions

Jennifer Halim
Cisco Employee

How many public IP addresses do you have? Are you using the outside interface IP address for NATing, or do you have a spare public IP address for the web camera NATing?

If your camera is connected to the inside interface and has, for example, an IP address of 10.1.1.5, and you only have 1 public IP address assigned to your outside interface, then you can configure the following:

static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255

static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255

However, if you have a spare public IP address to use, you can configure 1-to-1 NATing for your web camera. Assuming your spare public IP address is 100.1.1.5:

static (inside,outside) 100.1.1.5 10.1.1.5 netmask 255.255.255.255

To allow inbound access, you would need to configure an access-list. Double-check whether an access-list is already assigned to the outside interface: sh run access-group.

If an ACL is already assigned, use the same ACL name to add the above access.

Example:

access-list outside-acl permit tcp any interface outside eq 80

access-list outside-acl permit tcp any interface outside eq 443

OR

access-list outside-acl permit tcp any host 100.1.1.5 eq 80

access-list outside-acl permit tcp any host 100.1.1.5 eq 443

Hope that helps.
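
The single-public-IP case from the answer above, carried through to binding and verification, as an added example that is not part of the original reply: it applies the ACL when sh run access-group shows none on the outside interface, permits a known source network instead of any, and checks the result. The ACL name outside-acl and the address 10.1.1.5 come from the answer; 203.0.113.0/24 (the site the cameras are viewed from) and 198.51.100.2 (the outside interface address) are constructed placeholders, and the pre-8.3 static syntax used in the answer is assumed.

```cisco
! Forward TCP 80/443 on the outside interface address to the camera (as in the answer)
static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255

! Permit only the viewing site (203.0.113.0/24 is a constructed placeholder)
! instead of "any", so the camera's web interface is not reachable from the whole Internet
access-list outside-acl extended permit tcp 203.0.113.0 255.255.255.0 interface outside eq 80
access-list outside-acl extended permit tcp 203.0.113.0 255.255.255.0 interface outside eq 443

! Only needed if "sh run access-group" showed no ACL on the outside interface
access-group outside-acl in interface outside

! Verify: translations present, ACL bound, and hit counters visible
show run static
show run access-group
show access-list outside-acl

! Simulate an inbound HTTPS connection from the permitted network
! (198.51.100.2 stands in for the real outside interface address)
packet-tracer input outside tcp 203.0.113.10 40000 198.51.100.2 443
```

In the packet-tracer output, the ACCESS-LIST and UN-NAT phases show whether the ACL entry matched and whether the destination was translated to 10.1.1.5.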

Thank you very much for the quick response, and this is exactly what I was looking for. Let me try and will provide an update.
