05-21-2010 01:32 AM - edited 03-11-2019 10:49 AM
Dear all,
I need to configure a access rule in ASA 5550 to permit microsoft AD/Exchange/IIS services, anyone has the idea what TCP/UDP ports to be opened?
Like other firewall they have predifined services object for these MS services, so is there any other way to configure the ASA to permit such services, for instance, use predefined objects if it has...
Thanks
DYBC2125
05-21-2010 02:30 AM
Most of this information can be found on microsoft's excellent knowledgebase pages (IF not part of well known services -> check /etc/services on most unix systes)
If in doubt, best to see what ASA is blocking, enable logging to buffer on informational level:
-------
logging time
logging buffer-size 1040000
logging buffere info
-------
Following this you can do:
-------
show logg | i Deny
-------
or
------
show logg | i $IP.ADD.RE.SS
-------
To see what is being denied :]
05-21-2010 04:58 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide