NEED TO OPEN PORTS IN ASA 5510

Answered Question
Jan 5th, 2010

I need to open/permit several ports on the firewall of our ASA 5510

resoares (Cisco Employee) Tue, 01/05/2010 - 06:16

Hi,


From my understanding, you just want to allow those ports to be opened for some applications, is that right?



If the traffic comes from the Internet to your Internal LAN, you need to create the following ACL:




! On 8.2 and earlier the ACL on the outside (FDLE) interface matches the
! translated address, so <external-ip> is the mapped address used in the statics.
access-list FDLE_access_in extended permit tcp any host <external-ip> eq 443
access-list FDLE_access_in extended permit tcp any host <external-ip> eq 80
access-list FDLE_access_in extended permit tcp any host <external-ip> eq 5222
access-list FDLE_access_in extended permit tcp any host <external-ip> eq 5223


You will also need to create a STATIC NAT entry for those hosts to allow external users to connect to the internal users, as follows:


! static (real_if,mapped_if) tcp <mapped-ip> <mapped-port> <real-ip> <real-port> netmask ...
static (BOCC,FDLE) tcp <external-ip> 80 <internal-ip> 80 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 443 <internal-ip> 443 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 5223 <internal-ip> 5223 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 5222 <internal-ip> 5222 netmask 255.255.255.255

BR,
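As an added illustration of the two halves this reply describes (it is not part of the thread and not Cisco code), the following Python script parses a constructed config in the same pre-8.3 style and reports which services are actually published. On ASA 8.2 and earlier the ACL on the outside interface matches the translated (mapped) address, so a service is reachable from FDLE only when a static for that mapped address/port exists AND the outside ACL permits it; a permit with no static publishes nothing, and a static with no permit is held back only by the implicit deny. The RFC 5737 addresses, the extra 3389 and 22 lines, and the function names are assumptions made for the example.

```python
import re
from ipaddress import ip_address

# Constructed sample config (not from the page): the four ports from the reply
# above plus two deliberately mismatched lines (3389 permitted but never
# translated, 22 translated but never permitted). Addresses are RFC 5737
# documentation ranges; interface names BOCC/FDLE are the ones on the page.
SAMPLE_CONFIG = """
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 443
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 80
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 5222
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 5223
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 3389
static (BOCC,FDLE) tcp 203.0.113.10 80 10.10.10.10 80 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 443 10.10.10.10 443 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 5222 10.10.10.10 5222 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 5223 10.10.10.10 5223 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 22 10.10.10.10 22 netmask 255.255.255.255
access-group FDLE_access_in in interface FDLE
"""

# Only the two line shapes used in the reply are parsed; anything else is ignored.
ACL_RE = re.compile(
    r"^access-list (?P<acl>\S+) extended permit (?P<proto>tcp|udp) any "
    r"host (?P<dst>[\d.]+) eq (?P<port>\d+)$"
)
STATIC_RE = re.compile(
    r"^static \((?P<real_if>\w+),(?P<mapped_if>\w+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>[\d.]+) (?P<mapped_port>\d+) (?P<real_ip>[\d.]+) "
    r"(?P<real_port>\d+) netmask 255\.255\.255\.255$"
)


def parse_config(text):
    """Split a config into (permits, statics).

    permits: set of (acl, proto, dst_ip, port) from 'any -> host' permit lines.
    statics: dict (proto, mapped_ip, mapped_port) -> (real_ip, real_port).
    """
    permits, statics = set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            permits.add((m["acl"], m["proto"], ip_address(m["dst"]), int(m["port"])))
        elif m := STATIC_RE.match(line):
            key = (m["proto"], ip_address(m["mapped_ip"]), int(m["mapped_port"]))
            statics[key] = (ip_address(m["real_ip"]), int(m["real_port"]))
    return permits, statics


def _allowed(permits, outside_acl):
    # Pre-8.3 semantics: the outside ACL is evaluated against the MAPPED address.
    return {(proto, ip, port) for acl, proto, ip, port in permits if acl == outside_acl}


def exposed_services(text, outside_acl):
    """Services reachable from the mapped interface: static AND permit both present."""
    permits, statics = parse_config(text)
    allowed = _allowed(permits, outside_acl)
    return sorted(
        (proto, str(mip), mport, str(rip), rport)
        for (proto, mip, mport), (rip, rport) in statics.items()
        if (proto, mip, mport) in allowed
    )


def permits_without_static(text, outside_acl):
    """ACL permits with no translation behind them: the rule publishes nothing."""
    permits, statics = parse_config(text)
    return sorted(
        (proto, str(ip), port)
        for acl, proto, ip, port in permits
        if acl == outside_acl and (proto, ip, port) not in statics
    )


def statics_without_permit(text, outside_acl):
    """Translations the outside ACL never permits: blocked only by the implicit
    deny, so harmless today but one ACL line away from being exposed."""
    permits, statics = parse_config(text)
    allowed = _allowed(permits, outside_acl)
    return sorted(
        (proto, str(mip), mport, str(rip), rport)
        for (proto, mip, mport), (rip, rport) in statics.items()
        if (proto, mip, mport) not in allowed
    )


if __name__ == "__main__":
    acl = "FDLE_access_in"
    print("exposed:", exposed_services(SAMPLE_CONFIG, acl))
    print("permit, no static:", permits_without_static(SAMPLE_CONFIG, acl))
    print("static, no permit:", statics_without_permit(SAMPLE_CONFIG, acl))
```

Run it against a `show running-config` dump instead of the constructed sample to see which ports a pre-8.3 ASA really publishes on a given outside interface; on 8.3 and later the ACL references the real address, so the `allowed` lookup would have to be keyed on the real IP/port instead.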









crtsrvfdleasa Wed, 01/06/2010 - 06:17

Dear Renato


Thank you for answering my question. As I am only a neophyte working with ASA devices I may need further explanation on what to do.

solpandor Wed, 01/06/2010 - 06:36

Walker


Am I right in saying that you need to open ports on the ASA going out from the BOCC N/W to the FDLE N/W?


BR

crtsrvfdleasa Wed, 01/06/2010 - 07:26

I need to open ports in the ASA so FDLE N/W apps will run correctly on the BOCC N/W.

Correct Answer
resoares (Cisco Employee) Wed, 01/06/2010 - 06:53

Hi Walker,


Actually, you are trying to access an external host (.94), which has those 4 mentioned ports open, and your internal LAN must connect to it, is that correct?


So, if I'm correct, no configuration is needed and it should be working, because your ASA has PAT configured and all the access has been configured properly to allow your internal LAN to reach the external one.


access-list FDLE_access_in extended permit object-group DM_INLINE_SERVICE_1 any FDLE_Network 255.255.255.240


Maybe you should check your PIX configuration.



BR,
