Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

'any' destination port on access-list

I am looking for an option to allow me using 'ANY' keyword for destination port on the extended access-list. With and without object-group, I don't see any such option on ASA. I can only see port-object range 0-65535 that can be used for this purpose. Is that how it should be ?

1 REPLY
New Member

Re: 'any' destination port on access-list

Hi,

I'm going to assume here you're trying to allow either TCP or UDP connections, but not both.

In the case you'd like to allow TCP connections on any ports, without using an object-group you can do:

access-list acl-inbound extended permit tcp any any

In the above example, you would be allowing TCP connections from any source host to any destination hosts, regardless of what port they're coming from. Of course, source/destination can be replaced by IPs and tcp can be substitued with udp.

150
Views
0
Helpful
1
Replies
CreatePlease to create content