Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACL allow port range - ASA 5505

Is there a command to allow a range of ports or all ports to pass through? I can allow individual ports with an eq statement (eq smtp, eq 3389, etc.), but I need to allow a wide range (or all)from one specific IP address through to one specific server. Thanks.

3 REPLIES
New Member

Re: ACL allow port range - ASA 5505

yes, you can use the range command.

eg:

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB range 8500 9000

New Member

Re: ACL allow port range - ASA 5505

Thanks! Just curious - is there a command to allow all ports or do you just need to expand the range to incluse all?

Green

Re: ACL allow port range - ASA 5505

For all tcp ports just do...

access-list dmz_access_in extended permit tcp host WEB host EXT-WEB

or all udp ports...

access-list dmz_access_in extended permit udp host WEB host EXT-WEB

or both

access-list dmz_access_in extended permit ip host WEB host EXT-WEB

7143
Views
5
Helpful
3
Replies