
Using ASDM on 5520 how do you allow only a range of ports 8900-9100

limarsh2514
Level 1

Am a very novice. Have set up the security rules and can pass and block devices by IP address but want to further limit to only a range of ports to go through and can't seem to find anywhere in documents that talks about how to do this.

2 Accepted Solutions


Panos Kampanakis
Cisco Employee

On ASDM when you add an ACL line, in the protocol field you can put tcp/80-85, if for example you want to allow port range 80 to 85 for tcp.

I hope it helps.

PK


sachinga.hcl
Level 4

Hi Lee,

Kindly go through the following while configuring the ACL through ASDM:

Service—Choose this option to specify a port number, a range of ports, or a well-known service name or group from a list of services.

...—Lets you select, add, edit, delete, or find an existing service from a preconfigured list.

Protocol and Service—Specifies the protocol and service to which this ACE filter applies. Service groups let you identify multiple non-contiguous port numbers that you want the ACL to match. For example, if you want to filter HTTP, FTP, and port numbers 5, 8, and 9, define a service group that includes all these ports. Without service groups, you would have to create a separate rule for each port.

You can create service groups for TCP, UDP, TCP-UDP, ICMP, and other protocols. A service group with the TCP-UDP protocol contains services, ports, and ranges that might use either the TCP or UDP protocol.

–Protocol—Selects the protocol to which this rule applies. Possible values are ip, tcp, udp, icmp, and other. The remaining available fields in the Protocol and Service area depend upon the protocol you select. The next few bullets describe the consequences of each of these selections:

–Protocol: TCP and UDP—Selects the TCP/UDP protocol for the rule. The Source Port and Destination Port areas allow you to specify the ports that the ACL uses to match packets.

Source Port/Destination Port—(Available only for TCP and UDP protocols) Specifies an operator and a port number, a range of ports, or a well-known service name from a list of services, such as HTTP or FTP. The operator list specifies how the ACL matches the port. Choose one of the following operators: = (equals the port number), not = (does not equal the port number), > (greater than the port number), < (less than the port number), range (equal to one of the port numbers in the range).

–Group—(Available only for TCP and UDP protocols) Selects a source port service group. The Browse (...) button opens the Browse Source Port or Browse Destination Port dialog box.

–Protocol: ICMP—Lets you choose an ICMP type or ICMP group from a preconfigured list or browse (...) for an ICMP group. The Browse button opens the Browse ICMP dialog box.

–Protocol: IP—Specifies the IP protocol for the rule in the IP protocol box. No other fields are available when you make this selection.

–Protocol: Other—Lets you choose a protocol from a drop-down list, choose a protocol group from a drop-down list, or browse for a protocol group. The Browse (...) button opens the Browse Other dialog box.

For details in this regard go through the following link and then search range of ports.

https://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/svcrules.html

HTH

Sachin Garg

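An added example, not part of either reply and not Cisco's code: once a port-range rule is saved from ASDM, a check like this over the resulting `access-list` lines shows whether any permit still reaches destination ports outside 8900-9100. The sample lines, the ACL name `outside_access_in` and the addresses are constructed, and the parser assumes numeric ports and the `any` / `host A` / `A MASK` / `object N` address forms only.

```python
# Added example: audit ASA extended ACEs for destination ports outside an intended range.
ALL_PORTS = set(range(1, 65536))  # assumption: ports modelled as 1-65535

# Constructed sample; the ACL name and addresses are placeholders.
SAMPLE_CONFIG = """
access-list outside_access_in extended permit tcp any host 192.0.2.10 range 8900 9100
access-list outside_access_in extended permit tcp any host 192.0.2.10 gt 8900
access-list outside_access_in extended permit tcp any host 192.0.2.10
access-list outside_access_in extended permit tcp any range 8900 9100 host 192.0.2.10
access-list outside_access_in extended permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 9000
access-list outside_access_in extended deny ip any any
"""

def _skip_addr(tok):
    """Drop one address spec: 'any' is one token; host A / A MASK / object N are two."""
    return tok[1:] if tok and tok[0] in ("any", "any4", "any6") else tok[2:]

def _take_ports(tok):
    """Read an optional port operator (numeric ports only); return (ports, rest)."""
    if tok and tok[0] == "range":
        return set(range(int(tok[1]), int(tok[2]) + 1)), tok[3:]
    if tok and tok[0] in ("eq", "neq", "gt", "lt"):
        p = int(tok[1])
        ports = {"eq": {p}, "neq": ALL_PORTS - {p},
                 "gt": set(range(p + 1, 65536)), "lt": set(range(1, p))}[tok[0]]
        return ports, tok[2:]
    return ALL_PORTS, tok  # no operator here: every port matches

def permitted_dest_ports(ace):
    """Destination ports a single extended ACE lets through (empty for deny lines)."""
    tok = ace.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2:4] != ["extended", "permit"]:
        return set()
    if tok[4] not in ("tcp", "udp"):
        return ALL_PORTS  # e.g. 'ip': no port filtering at all
    _, rest = _take_ports(_skip_addr(tok[5:]))  # source address, optional source port
    ports, _ = _take_ports(_skip_addr(rest))    # destination address, optional dest port
    return ports

def audit(config, lo, hi):
    """Return (line, excess_port_count) for permits reaching ports outside lo..hi."""
    intended = set(range(lo, hi + 1))
    findings = []
    for line in config.strip().splitlines():
        extra = permitted_dest_ports(line) - intended
        if extra:
            findings.append((line.strip(), len(extra)))
    return findings

if __name__ == "__main__":
    for line, extra in audit(SAMPLE_CONFIG, 8900, 9100):
        print(f"{extra:>6} ports outside 8900-9100: {line}")
```

The fourth sample line is flagged because its range sits on the source port, which leaves every destination port open.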

5 Replies 5

Thank you for the assistance

Thank you for the assistance

Glad we could help.

PK
