Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASDM port forward range

I'm new to Cisco and I'm having a little trouble trying to figure out how to port forward a range of ports. I have successfully port forwarded 80 and 22 to an internal server but I can't seem to find out where to enter a range. I'm running ASDM 5.2..

We have a Freepbx server and I need to forward from 63.175.158.121 to 192.168.100.121 the follwoing port ranges:

5060~5082

10000~20000

Thanks for any help.

Everyone's tags (1)
5 REPLIES
Cisco Employee

Re: ASDM port forward range

Hello Anthony,

This is Mike, Unless you are in version 8.3 you will be able to do a port forward with a range of ports. No other version support this.

Mike

Mike
New Member

Re: ASDM port forward range

I have ASA 5505 Version 8.2(1) with ASDM Version 6.2(1).

I was able to forward SIP port 5060 but need to forward RTP ports which has a range of 10000-20000. Is there any way to do this?

Cisco Employee

Re: ASDM port forward range

Hello Deepak,

As Maykol suggested, this is only possible with ASA 8,3 code. You will have to do static NAT on ASA 8.2 or lower.

Hope this helps. Please reply back if you need any further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

New Member

Re: ASDM port forward range

Hi Chirag,

Thanks for the reply.

I dont know how to do it using command line interface. I need to allow incoming and outgoing traffic on these UDP ports 5060(for sip), 5061(for sip) and 10000-20000(for rtp). Do we create just an access list to forward these port or do we have to also create firewall rule? Any idea what these command will be?

Thank you,

Deepak

Cisco Employee

Re: ASDM port forward range

Hello Deepak,

Here is a sample config. Make service objects and use range rather than eq.

5500-60(config-service-object)# object service range1
5500-60(config-service-object)# service tcp source range 5000 5100

Hope this helps. Please reply back if you need any further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

3794
Views
13
Helpful
5
Replies
CreatePlease to create content