We are adding an ASA 5505 to a network which contains older PIX 501 devices. I have been able to create most of what I need from the PIX onto the 5505, but I am stumped in one place in particular: on the PIX there is a rule that allows any inside address to connect to a particular outside access via a specific RANGE of ports. I see no way on the ASA to do this. I don't do much with CLI (yeah, I know) and I am limited to the ASDM interface.
Can someone help me with this? I think I have everything set up except this particular range service.
If someone wants to tell me this via CLI, that's fine too. But really assume I know nothing other than how to set up HyperTerminal and get in via cable. I don't know much beyond that.
The syntax is the same as on the PIX for ACL rules. Here is an example:
access-list text permit tcp host 10.10.10.1 any range 22 1022
that allows tcp from 10.10.10.1 to ports from 22 to 1022.
I hope it helps.
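For reference, the same kind of rule written for the case in the question (any inside address to one outside host over a range of TCP ports), as an added example that is not part of the original posts. The ACL name, the object-group name, the addresses 203.0.113.10 and 192.168.1.10, and the ports 5000-5010 are constructed placeholders.

```text
! Added example; all names, addresses and ports below are constructed placeholders.
configure terminal

! Option 1: the port range written directly in the ACL entry.
! "any" = any inside source; "range 5000 5010" applies to the destination port.
access-list inside_access_in extended permit tcp any host 203.0.113.10 range 5000 5010

! Option 2: the same range held in a TCP service object-group, which is what
! ASDM shows as a service group. Use one option or the other, not both.
object-group service APP_PORTS tcp
 port-object range 5000 5010
access-list inside_access_in extended permit tcp any host 203.0.113.10 object-group APP_PORTS

! Bind the ACL to traffic entering the inside interface.
access-group inside_access_in in interface inside
end

! Verify: list the entries with hit counts, then simulate one connection
! from an inside host (source port 1025) to a port inside the range.
show access-list inside_access_in
packet-tracer input inside tcp 192.168.1.10 1025 203.0.113.10 5005
```

Once an ACL is bound to the inside interface, its implicit deny at the end replaces the default that lets inside traffic out, so any other outbound traffic that should keep working needs its own permit entry.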
I never set the PIX up and I have only used the ASDM interface. Not too familiar with CLI, although I am currently connected via HyperTerminal. Walk me through? I feel sort of dumb but I am pleased I got as far as I have in ASDM by comparing the two interfaces. So be nice to me!
In ASDM you can go under the Access Rules section and just do Add. You will then Add an ACL for an interface (you will choose it in the drop-down when you do Add) and you can set the range of ports for the TCP protocol, for example, there. It is intuitive.
Here is the guide for ACLs with ASDM http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1168198
Thanks for the help. But the intuitive part is where I'm stuck!
I go in and choose Security Policy--->Access Rules---->Add. I have entered several other rules just fine here, but when I want to add a specific TCP port range??? I'm lost.
I see the TCP protocol in the list to choose, and I even see source ports and destination ports in the table. But I can't modify these fields. So there is no way for me to customize the TCP entry. And when I try creating a new group, it just does not make sense.
My pic is attached. How do I edit the range fields or create a custom TCP rule where I specify ranges??