New Member

Need to open ports in ASA5510

We are setting up a security camera system, so we would like to open inbound ports 80 and 443. Also, how do you reserve an IP address in a DHCP scope and create NAT between a private IP address and a public IP address? I am new at this, so can you please help me with the entries?

Accepted Solutions
Cisco Employee

Re: Need to open ports in ASA5510

How many public IP addresses do you have? Are you using the outside interface IP address for NATing, or do you have a spare public IP address for the web camera NATing?

If your camera is connected to the inside interface and, for example, has an IP address of 10.1.1.5, and you only have 1 public IP address assigned to your outside interface, then you can configure the following:

static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255

static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255

However, if you have a spare public IP address to use, you can configure 1-to-1 NATing for your web camera, assuming your spare public IP address is 100.1.1.5:


static (inside,outside) 100.1.1.5 10.1.1.5 netmask 255.255.255.255

To allow inbound access, you would need to configure an access-list. Double-check whether an access-list is already assigned to the outside interface: sh run access-group.

If an ACL is already assigned, use the same ACL name to add the above access.

Example:

access-list outside-acl permit tcp any interface outside eq 80

access-list outside-acl permit tcp any interface outside eq 443

OR

access-list outside-acl permit tcp any host 100.1.1.5 eq 80

access-list outside-acl permit tcp any host 100.1.1.5 eq 443

Hope that helps.
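An added example, not part of the original reply: a short Python audit that reads pre-8.3 style `static` port-forward lines, as used in the answer above, and reports whether each published port is open to `any`, restricted to named sources, or not permitted by any ACL applied with `access-group`. The sample config, the addresses 10.1.1.6 and 198.51.100.10, and the function name are constructed for illustration; the 1-to-1 `static` form is not covered.

```python
import re

# Constructed sample config in the pre-8.3 syntax used in the answer above.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 80 10.1.1.5 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.1.1.5 443 netmask 255.255.255.255
static (inside,outside) tcp interface 8080 10.1.1.6 80 netmask 255.255.255.255
access-list outside-acl permit tcp any interface outside eq www
access-list outside-acl permit tcp host 198.51.100.10 interface outside eq 443
access-group outside-acl in interface outside
"""

PORT_NAMES = {"www": "80", "https": "443"}  # names the ASA prints for these ports

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) (interface \S+|host \S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit_port_forwards(config):
    """Return (mapped_addr, port, real_host, exposure) for each static PAT line."""
    lines = [l.strip() for l in config.splitlines()]
    # interface name -> ACL applied inbound on it
    bound = {m.group(2): m.group(1) for m in map(GROUP_RE.match, lines) if m}
    permits = [m.groups() for m in map(ACL_RE.match, lines) if m]
    report = []
    for m in filter(None, map(STATIC_RE.match, lines)):
        _real_if, mapped_if, proto, mapped_ip, mapped_port, real_ip, _ = m.groups()
        port = PORT_NAMES.get(mapped_port, mapped_port)
        # The outside ACL names the translated destination, as in the answer.
        dest = f"interface {mapped_if}" if mapped_ip == "interface" else f"host {mapped_ip}"
        sources = [src for acl, p, src, dst, eq in permits
                   if acl == bound.get(mapped_if) and p == proto and dst == dest
                   and PORT_NAMES.get(eq, eq) == port]
        if not sources:
            exposure = "blocked: no matching permit in an applied ACL"
        elif "any" in sources:
            exposure = "open to any source"
        else:
            exposure = "restricted to " + ", ".join(sources)
        report.append((mapped_ip, port, real_ip, exposure))
    return report


if __name__ == "__main__":
    for row in audit_port_forwards(SAMPLE_CONFIG):
        print(*row, sep="  ")
```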

New Member

Re: Need to open ports in ASA5510

Thank you very much for the quick response; this is exactly what I was looking for. Let me try it and I will provide an update.
