ASA 5505 and Destination Range Rule

Unanswered Question
Jun 15th, 2010

We are adding an ASA 5505 to a network which contains older PIX 501 devices.  I have been able to create most of what I need from the PIX onto the 5505, but I am stumped in one place in particular:  On the PIX there is a rule that allows any inside address to connect to a particular outside access via a specific RANGE of ports.  I see no way on the ASA to do this.  I don't do much with CLI (yeah, I know) and I am limited to the ASDM interface.

Can someone help me with this?  I think I have everything set up except this particular range service.

If someone wants to tell me this via CLI, that's fine too. But really assume I know nothing other than how to set up HyperTerminal and get in via cable. I don't know much beyond that.

Panos Kampanakis Tue, 06/15/2010 - 15:48

The syntax is the same for the PIX for ACL rules. Here is an example

access-list text permit tcp host any range 22 1022

that allows tcp from to ports from 22 to 1022.

I hope it helps.


wildwoodcc Tue, 06/15/2010 - 16:19

I never set the PIX up and I have only used the ASDM interface. Not too familiar with CLI, although I am currently connected via HyperTerminal.  Walk me through? I feel sort of dumb, but I am pleased I got as far as I have in ASDM by comparing the two interfaces. So be nice to me!

wildwoodcc Wed, 06/16/2010 - 09:12

Thanks for the help. But the intuitive part is where I'm stuck!

I go in and choose Security Policy--->Access Rules---->Add.  I have entered several other rules just fine here. But when I want to add a specific TCP port range??? I'm lost.

I see the TCP protocol in the list to choose, and I even see source ports and destination ports in the table. But I can't modify these fields.  So there is no way for me to customize the TCP entry.  And when I try creating a new group, it just does not make sense.

My pic is attached. How do I edit the range fields or create a custom TCP rule where I specify ranges??

Panos Kampanakis Wed, 06/16/2010 - 10:14

I am attaching a snapshot of creating a rule with range of tcp port 78 to 79.

I think it should be clear now.
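
The rule discussed in this thread, written out as ASA CLI for a console session. This is an added example, not taken from the original posts; the ACL name inside_access_in, the group name APP_PORTS, the addresses 203.0.113.10 and 192.168.1.10, and the port range 5000-5010 are placeholders to replace with your own values.

```cisco
! Added example with placeholder names, addresses and ports.
enable
configure terminal
!
! Option 1: port range written directly in the rule.
! Field order: protocol, source, destination, destination ports.
access-list inside_access_in extended permit tcp any host 203.0.113.10 range 5000 5010
!
! Option 2 (use instead of option 1, not in addition to it):
! the same range defined once as a reusable TCP service group.
object-group service APP_PORTS tcp
 port-object range 5000 5010
exit
access-list inside_access_in extended permit tcp any host 203.0.113.10 object-group APP_PORTS
!
! Bind the ACL to traffic entering the inside interface.
! Skip this line if the ACL is already bound there.
! Caveat: once an ACL is bound inbound on inside, anything it does
! not explicitly permit is dropped by the implicit deny at its end.
access-group inside_access_in in interface inside
end
!
! Verify: list the rule and its hit counters.
show access-list inside_access_in
!
! Verify: simulate one flow inside the range (expect allow)
! and one just outside it (expect drop by the ACL).
packet-tracer input inside tcp 192.168.1.10 1025 203.0.113.10 5005
packet-tracer input inside tcp 192.168.1.10 1025 203.0.113.10 5011
!
! Save the running configuration.
write memory
```

Keep the range as narrow as the application requires; every port inside it is reachable on the outside host from any inside address.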


