ASA 5505 and Destination Range Rule

Unanswered Question
Jun 15th, 2010
User Badges:

We are adding an ASA 5505 to a network which contains older PIX 501 devices.  I have been able to create most of what I need from the Pix onto the 5505 but I am stumed one place in particular:  On the Pix there is a rule that alows any inside address to connect to a particular outside access via a specific RANGE of ports.  I see no way on the ASA to do this.  I don;t do much with CLI (yeah, I Know) and I am limited to ADSM interface.

Can someone help me with this.  I think I have everything set up except this particular range service.

If someone wants to tell me this via CLI, that's fine too. But really assume I know nothing other than how to set up hyperterminal and get in via cable. I don;t know much beyond that.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Tue, 06/15/2010 - 15:18
User Badges:
  • Green, 3000 points or more


Can you post a screenshot of the rule from the PIX that you need on the ASA?


Panos Kampanakis Tue, 06/15/2010 - 15:48
User Badges:
  • Cisco Employee,

The syntax is the same for the PIX for ACL rules. Here is an example

access-list text permit tcp host any range 22 1022

that allows tcp from to ports from 22 to 1022.

I hope it helps.


wildwoodcc Tue, 06/15/2010 - 16:19
User Badges:

I never set pix up and I have only used the ADSM interface. Not too familair with CLI although I am currently connected via hyperternmal.  Wlk me thru? I feel sort of dumb but I am please I got as far as I have in ADSM by comparing the two interfaces. So be nice to me!

Panos Kampanakis Tue, 06/15/2010 - 20:31
User Badges:
  • Cisco Employee,

In ASDM you can go under the Access Rules section and just do Add. You will then Add an ACL for an interface (you will chose it in the drop down when you do Add) and you can set the range of ports for tcp protocol for example there. It is intuitive.

Here is the guide for ACLs with ASDM


wildwoodcc Wed, 06/16/2010 - 09:12
User Badges:

Thanks for the help. But the intuitive part is where I'm stuck!

I go in and choose Security Policy--->Access Rules---->Add.  I have entered several other rules just fine here. but when i want to ad a specidic TCP port range??? I'm lost.

I see tcp protocal in the list to choose, and I even see source ports and destination ports in the table. But I can't modify these fileds.  So there is no way for me to customice the TCP entry.  And when i try creating a new group, it just does not make sense.

My pic is attached. How do I edit the range fields or create a custom TCP rule where I specify ranges??

Panos Kampanakis Wed, 06/16/2010 - 10:14
User Badges:
  • Cisco Employee,

I am attaching a snapshot of creating a rule with range of tcp port 78 to 79.

I think it should be clear now.


Panos Kampanakis Wed, 06/16/2010 - 12:05
User Badges:
  • Cisco Employee,

No problem, we are all learning.

Please rate helpful posts.




This Discussion