Cisco Support Community

New Member

ASA 8.4 Open Ports

I need some configuration assistance with an ASA running 8.4. I need to open ports for a video conferencing service. They have requested that we open the following ports for the IP address ranges I listed. How would I configure this?

Video Conferencing Service IP Address Range

199.48.152.0/22
31.171.208.0/21
103.20.59.0/24
8.10.12.0/24

Ports that need to be opened

Outbound TCP Port 1720
Outbound TCP Ports 5000-5999
Outbound UDP Ports 5000-5999

Thanks!

Accepted Solutions
Super Bronze


Hi,

Well, if you mean that you want to allow traffic from your LAN to WAN to those destination IP addresses with those destination ports, then you could use

object-group network VIDEO-DESTINATION
 network-object 199.48.152.0 255.255.252.0
 network-object 31.171.208.0 255.255.248.0
 network-object 103.20.59.0 255.255.255.0
 network-object 8.10.12.0 255.255.255.0
! <ACL-NAME> is a placeholder for the ACL applied inbound on the LAN interface.
! Source "any" matches any LAN host; the object-group is the destination.
access-list <ACL-NAME> line 1 remark Video Conferencing Outbound
access-list <ACL-NAME> line 2 extended permit tcp any object-group VIDEO-DESTINATION eq 1720
access-list <ACL-NAME> line 3 extended permit tcp any object-group VIDEO-DESTINATION range 5000 5999
access-list <ACL-NAME> line 4 extended permit udp any object-group VIDEO-DESTINATION range 5000 5999

You would naturally use the ACL name of the ACL you are using on the local interface in the inbound direction.

I also used the line numbers to place the rules at the top of that ACL.

- Jouni
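
Added example (not part of the original thread): a Python helper that renders the object-group and ACL entries from the vendor's CIDR list, rejects ranges with host bits set before they reach the firewall, and checks offline whether a given outbound flow would match. The ACL name `INSIDE-IN` and the source `any` are assumptions; substitute the ACL bound to your LAN interface.

```python
import ipaddress

# Values from the question (vendor ranges and outbound ports).
VIDEO_RANGES = ["199.48.152.0/22", "31.171.208.0/21", "103.20.59.0/24", "8.10.12.0/24"]
VIDEO_PORTS = [("tcp", 1720, 1720), ("tcp", 5000, 5999), ("udp", 5000, 5999)]


def object_group(name, cidrs):
    """Render an ASA network object-group; strict parsing rejects host bits."""
    lines = [f"object-group network {name}"]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on e.g. 10.0.0.1/24
        lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


def acl_lines(acl, group, ports, source="any", first_line=1):
    """Render a remark plus permit entries, inserted from first_line downward."""
    out = [f"access-list {acl} line {first_line} remark Video Conferencing Outbound"]
    for i, (proto, lo, hi) in enumerate(ports, start=first_line + 1):
        match = f"eq {lo}" if lo == hi else f"range {lo} {hi}"
        out.append(f"access-list {acl} line {i} extended permit {proto} "
                   f"{source} object-group {group} {match}")
    return out


def permitted(proto, dst_ip, dst_port, cidrs=VIDEO_RANGES, ports=VIDEO_PORTS):
    """Offline check: would these entries match a given outbound flow?"""
    addr = ipaddress.ip_address(dst_ip)
    in_group = any(addr in ipaddress.ip_network(c) for c in cidrs)
    return in_group and any(p == proto and lo <= dst_port <= hi for p, lo, hi in ports)


if __name__ == "__main__":
    # INSIDE-IN is a hypothetical ACL name (assumption, not from the thread).
    print("\n".join(object_group("VIDEO-DESTINATION", VIDEO_RANGES)
                    + acl_lines("INSIDE-IN", "VIDEO-DESTINATION", VIDEO_PORTS)))
```

Running the `permitted` check against addresses just outside each range (for example the first address after the /22) is a quick way to confirm the rules are no broader than the vendor asked for.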
