ASA: what are the TCP ports to be permitted for Microsoft AD/Exchange/IIS?

Unanswered Question
May 21st, 2010

Dear all,

I need to configure an access rule on an ASA 5550 to permit Microsoft AD/Exchange/IIS services. Does anyone have an idea which TCP/UDP ports need to be opened?

Other firewalls have predefined service objects for these MS services, so is there any other way to configure the ASA to permit such services, for instance, using predefined objects if it has them...



Marcin Latosiewicz Fri, 05/21/2010 - 02:30

Most of this information can be found on Microsoft's excellent knowledge base pages (if not part of well-known services -> check /etc/services on most Unix systems).

If in doubt, best to see what ASA is blocking, enable logging to buffer on informational level:


logging enable

logging timestamp

logging buffer-size 1040000

logging buffered informational


Following this you can do:


show logging | include Deny

show logging | include $IP.ADD.RE.SS


To see what is being denied :]
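An added example, not part of the original replies: one way to turn the `Deny` lines collected this way into a list of the protocol/port pairs each server actually needs. It assumes the standard ASA syslog message 106023 layout; the sample log lines, addresses, ACL name and function names are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample of `show logging | include Deny` style output (not from the thread).
SAMPLE = """\
May 21 2010 02:31:07: %ASA-4-106023: Deny tcp src outside:10.1.1.5/51234 dst inside:192.168.1.10/389 by access-group "outside_access_in" [0x0, 0x0]
May 21 2010 02:31:08: %ASA-4-106023: Deny udp src outside:10.1.1.5/51235 dst inside:192.168.1.10/53 by access-group "outside_access_in" [0x0, 0x0]
May 21 2010 02:31:09: %ASA-4-106023: Deny tcp src outside:10.1.1.6/40022 dst inside:192.168.1.10/389 by access-group "outside_access_in" [0x0, 0x0]
May 21 2010 02:31:10: %ASA-6-302013: Built inbound TCP connection 77 for outside:10.1.1.5/51240 (10.1.1.5/51240) to inside:192.168.1.20/80 (192.168.1.20/80)
May 21 2010 02:31:11: %ASA-4-106023: Deny icmp src outside:10.1.1.5 dst inside:192.168.1.10 (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]
"""

# Syslog 106023: packet denied by an ACL. Ports are absent for ICMP.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?'
    r'.*? by access-group "(?P<acl>[^"]+)"'
)

def summarize_denies(log_text):
    """Count denied flows per (acl, protocol, destination IP, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny (e.g. a "Built" connection message)
        port = int(m["dst_port"]) if m["dst_port"] else None
        counts[(m["acl"], m["proto"], m["dst_ip"], port)] += 1
    return counts

def service_name(port, proto):
    """Best-effort name from the local services database (/etc/services on Unix)."""
    try:
        return socket.getservbyport(port, proto)
    except (OSError, TypeError, OverflowError):
        return "?"

if __name__ == "__main__":
    for (acl, proto, ip, port), n in summarize_denies(SAMPLE).most_common():
        print(f"{n:3d}  {acl}  {proto:4s} -> {ip}:{port}  {service_name(port, proto)}")
```

Review each resulting pair against the vendor's documented port list before adding a permit entry, since the buffer also records unwanted traffic that should stay denied.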

