NEED TO OPEN PORTS IN ASA 5510

Answered Question
Jan 5th, 2010

I need to open/permit several ports on the firewall of our ASA 5510

resoares Tue, 01/05/2010 - 06:16

Hi,

From my understanding you just want to allow those ports to be opened for some applications, is that right?

If the traffic comes from the Internet to your Internal LAN, you need to create the following ACL:

access-list FDLE_access_in extended permit tcp any host "ip address" eq 443
access-list FDLE_access_in extended permit tcp any host "ip address" eq 80
access-list FDLE_access_in extended permit tcp any host "ip address" eq 5222
access-list FDLE_access_in extended permit tcp any host "ip address" eq 5223

You will also need to create a STATIC NAT entry for those hosts to allow external users to connect to the internal users, as follows:

static (BOCC,FDLE) tcp external ip address "80" internal ip address "80" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "443" internal ip address "443" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "5223" internal ip address "5223" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "5222" internal ip address "5222" netmask 255.255.255.255

BR,
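An added worked example (not part of this thread or of any poster's configuration) that puts the inbound ACL and the static port translation described in the reply above together in the pre-8.3 syntax the reply uses. The addresses are RFC 5737 documentation ranges, the host 10.10.10.20 and the peer network 198.51.100.0/24 are assumed, and the interface names BOCC (inside) and FDLE (outside) are taken from the thread.

```cisco
! Added example, not the thread's own configuration. Pre-8.3 ASA syntax.
! Assumed interfaces; the security levels decide the default flow direction,
! so anything from FDLE (0) into BOCC (100) needs an explicit permit.
interface Ethernet0/0
 nameif FDLE
 security-level 0
 ip address 203.0.113.1 255.255.255.0
interface Ethernet0/1
 nameif BOCC
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
! One service object-group for the four application ports keeps the ACL short
object-group service APP_TCP_PORTS tcp
 port-object eq 80
 port-object eq 443
 port-object eq 5222
 port-object eq 5223
!
! Static port translation: (real_ifc,mapped_ifc) tcp mapped_ip mapped_port real_ip real_port
! Only these four ports get a translation; other ports on 203.0.113.10 are not reachable.
static (BOCC,FDLE) tcp 203.0.113.10 80   10.10.10.20 80   netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 443  10.10.10.20 443  netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 5222 10.10.10.20 5222 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 5223 10.10.10.20 5223 netmask 255.255.255.255
!
! Inbound ACL on the outside interface. On pre-8.3 code the ACL matches the
! MAPPED (public) address. The source is limited to the known peer network
! instead of "any"; the final deny with "log" records anything else that is dropped.
access-list FDLE_access_in extended permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 object-group APP_TCP_PORTS
access-list FDLE_access_in extended deny ip any any log
access-group FDLE_access_in in interface FDLE
!
! Verification from enable mode: translations, hit counts, and a simulated packet
show xlate
show access-list FDLE_access_in
packet-tracer input FDLE tcp 198.51.100.5 40000 203.0.113.10 443
```

On ASA 8.3 and later the NAT configuration is object-based and ACLs match the real (untranslated) address, so the same intent is written differently there; packet-tracer shows which ACL line and translation a test packet hits and where it is dropped.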

crtsrvfdleasa Wed, 01/06/2010 - 06:17

Dear Renato

Thank you for answering my question. As I am only a neophyte working with ASA devices I may need further explanation on what to do.

solpandor Wed, 01/06/2010 - 06:36

Walker

Am I right in saying that you need to open ports on the ASA going out from the BOCC N/W to the FDLE N/W?

BR

crtsrvfdleasa Wed, 01/06/2010 - 07:26

I need to open ports in the ASA so FDLE N/W apps will run correctly on the BOCC N/W.

Correct Answer
resoares Wed, 01/06/2010 - 06:53

Hi Walker,

Actually, you are trying to access an external host (.94), which has those 4 mentioned ports open, and your internal LAN must connect to this one, is that correct?

So, if I'm correct, no configuration is needed and it should be working, because your ASA has a PAT configured and all the access has been configured properly to allow your internal LAN to reach the external one.

access-list FDLE_access_in extended permit object-group DM_INLINE_SERVICE_1 any FDLE_Network 255.255.255.240

Maybe you should check your PIX configuration.

BR,

This Discussion

Posted January 5, 2010 at 6:02 AM