Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Forward a range of ports ASA 7.2

Need to forward a range of ports from the outside to the inside. I have statics in there and ACLs that are forwarding one port per ACL. Now I have a VOIP adapter and it wants a range of ports forwarded to it.

Thanks everyone

3 REPLIES
Silver

Re: Forward a range of ports ASA 7.2

You need to create a service object-group with the range needed. In your inbound ACL you use the object-group instead of the port.

Service object-group

http://www.cisco.com/en/US/customer/docs/security/asa/asa72/configuration/guide/traffic.html#wp1042251

Example:

object-group service VOIP udp

port-object range 1000 2000

access-list outside->inside permit udp any external_IP object-group VOIP

Hope this helps!

Chad

Please rate if helpful.

Gold

Re: Forward a range of ports ASA 7.2

or...

access-list outside_acl permit tcp any host x.x.x.x range 1-10

as an example...

unless you're going to reuse the object-group in another acl entry, you dont need it.

New Member

Re: Forward a range of ports ASA 7.2

Hope You don't mind if I join the discussion...

Ok for the access list use of object groups and range options, this takes care of the filter issue and surely works if you have a static nat statement, but what if you have port forwarding instead of static nat, is there a similar "trick" in order to forward a entire range of ports in a single statement?

Tnx,

Max.

230
Views
0
Helpful
3
Replies