
New Member

NEED TO OPEN PORTS IN ASA 5510

I need to open/permit several ports on the firewall of our ASA 5510

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: NEED TO OPEN PORTS IN ASA 5510

Hi Walker,

Actually, you are trying to access an external host (.94), which has those 4 mentioned ports open, and your internal LAN must connect to this one, is that correct?

So, if I'm correct, no configuration is needed and it should be working, because your ASA has a PAT configured and all the access has been configured properly to allow your internal LAN to reach the external one.

access-list FDLE_access_in extended permit object-group DM_INLINE_SERVICE_1 any FDLE_Network 255.255.255.240

Maybe you should check your PIX configuration.

BR,

5 REPLIES
Cisco Employee

Re: NEED TO OPEN PORTS IN ASA 5510

Hi,

From my understanding you only want to allow those ports to be opened for some applications, is that right?


If the traffic comes from the Internet to your Internal LAN, you need to create the following ACL:

access-list FDLE_access_in extended permit tcp any host <ip-address> eq 443
access-list FDLE_access_in extended permit tcp any host <ip-address> eq 80
access-list FDLE_access_in extended permit tcp any host <ip-address> eq 5222
access-list FDLE_access_in extended permit tcp any host <ip-address> eq 5223


You will also need to create a STATIC NAT entry for those hosts to allow external users to connect to the internal users, as follows:


static (BOCC,FDLE) tcp <external-ip> 80 <internal-ip> 80 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 443 <internal-ip> 443 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 5223 <internal-ip> 5223 netmask 255.255.255.255
static (BOCC,FDLE) tcp <external-ip> 5222 <internal-ip> 5222 netmask 255.255.255.255

BR,
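The reply above relies on two pieces that must agree: an ACL entry permitting the port on the outside interface, and a static NAT entry translating that same mapped address and port. The following checker, added here as an example and not part of the thread, parses pre-8.3 ASA "access-list" and "static" lines and reports ports permitted without a translation (traffic will still be dropped) and translations with no permitting ACL (dead configuration). The addresses in the sample config are constructed placeholders.

```python
import re

# Constructed sample config modelled on the reply's lines (placeholder addresses).
# 3389 is permitted but has no static; 8080 has a static but no ACL entry.
SAMPLE_CONFIG = """
access-list FDLE_access_in extended permit tcp any host 192.0.2.10 eq https
access-list FDLE_access_in extended permit tcp any host 192.0.2.10 eq www
access-list FDLE_access_in extended permit tcp any host 192.0.2.10 eq 5222
access-list FDLE_access_in extended permit tcp any host 192.0.2.10 eq 5223
access-list FDLE_access_in extended permit tcp any host 192.0.2.10 eq 3389
static (BOCC,FDLE) tcp 192.0.2.10 80 10.1.1.10 80 netmask 255.255.255.255
static (BOCC,FDLE) tcp 192.0.2.10 443 10.1.1.10 443 netmask 255.255.255.255
static (BOCC,FDLE) tcp 192.0.2.10 5223 10.1.1.10 5223 netmask 255.255.255.255
static (BOCC,FDLE) tcp 192.0.2.10 5222 10.1.1.10 5222 netmask 255.255.255.255
static (BOCC,FDLE) tcp 192.0.2.10 8080 10.1.1.10 8080 netmask 255.255.255.255
"""

# The ASA displays some well-known ports by name; normalise to numbers.
PORT_NAMES = {"www": "80", "https": "443"}

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
# static (real_ifc,mapped_ifc) tcp mapped_ip mapped_port real_ip real_port [netmask m]
STATIC_RE = re.compile(
    r"^static\s+\((\S+),(\S+)\)\s+tcp\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+netmask\s+\S+)?$")


def parse(config):
    """Return (permitted, statics): permitted is a set of (mapped_ip, port) pairs
    open to any source; statics maps (mapped_ip, mapped_port) -> (real_ip, real_port)."""
    permitted, statics = set(), {}
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            permitted.add((m.group(2), PORT_NAMES.get(m.group(3), m.group(3))))
            continue
        m = STATIC_RE.match(line)
        if m:
            _, _, mapped_ip, mapped_port, real_ip, real_port = m.groups()
            statics[(mapped_ip, PORT_NAMES.get(mapped_port, mapped_port))] = (real_ip, real_port)
    return permitted, statics


def audit(config):
    """Return (permitted_without_static, static_without_permit), each sorted."""
    permitted, statics = parse(config)
    return sorted(permitted - set(statics)), sorted(set(statics) - permitted)
```

The reply permits from `any`, as many such examples do; if the peer network's address range is known, the same parser could flag entries whose source is broader than that range.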

New Member

Re: NEED TO OPEN PORTS IN ASA 5510

Dear Renato

Thank you for answering my question. As I am only a neophyte working with ASA devices I may need further explanation on what to do.

New Member

Re: NEED TO OPEN PORTS IN ASA 5510

Walker

Am I right in saying that you need to open ports on the ASA going out from the BOCC N/W to the FDLE N/W?

BR

New Member

Re: NEED TO OPEN PORTS IN ASA 5510

I need to open ports in the ASA so FDLE N/W apps will run correctly on the BOCC N/W.

