Port forwarding/allowing ports on ASA 5520

I need to allow the following UDP port ranges for the Apple IMessaging app:

3478 through 3497 (UDP)
16384 through 16387 (UDP)
16393 through 16402 (UDP)

I think it would be inbound from the outside interface to any clients on the inside.

Port forwarding/allowing ports on ASA 5520

Hello Sean,

What version are you running?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura


Re: Port forwarding/allowing ports on ASA 5520

Hi,

If you are running 8.3 (or above) software this should be easy. If you are running 8.2 (or below) this will mean a large amount of configuration, since a range of ports can't be forwarded in that software, to my understanding.

For software level 8.3 (and above) the configuration would be

object service UDP-3478-3497
 service udp source range 3478 3497
object service UDP-16384-16387
 service udp source range 16384 16387
object service UDP-16393-16402
 service udp source range 16393 16402
object network INTERNAL-HOST
 host

nat (inside,outside) source static INTERNAL-HOST interface service UDP-3478-3497 UDP-3478-3497
nat (inside,outside) source static INTERNAL-HOST interface service UDP-16384-16387 UDP-16384-16387
nat (inside,outside) source static INTERNAL-HOST interface service UDP-16393-16402 UDP-16393-16402

For software level 8.2 (and below) the configuration would be

static (inside,outside) udp interface netmask 255.255.255.255

Hope this helps

- Jouni
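
The per-port expansion that the 8.2 answer above refers to, as an added example that is not part of the original post: a Python sketch that expands the three UDP ranges from the question into one static PAT command per port. The internal host 10.0.0.10 and the function names are assumptions; the output uses the 8.2 form `static (real_if,mapped_if) udp interface port real_ip port netmask mask`.

```python
import ipaddress

# Port ranges quoted in the question (inclusive).
UDP_RANGES = [(3478, 3497), (16384, 16387), (16393, 16402)]


def expand_ports(ranges):
    """Return the sorted, de-duplicated ports covered by inclusive ranges."""
    ports = set()
    for low, high in ranges:
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"invalid port range: {low}-{high}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def static_pat_lines(internal_host, ranges, proto="udp",
                     real_if="inside", mapped_if="outside"):
    """Build one 8.2-style static PAT command per port."""
    host = ipaddress.IPv4Address(internal_host)  # rejects malformed addresses
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    return [
        f"static ({real_if},{mapped_if}) {proto} interface {port} "
        f"{host} {port} netmask 255.255.255.255"
        for port in expand_ports(ranges)
    ]


if __name__ == "__main__":
    # 10.0.0.10 is a hypothetical internal host, not a value from the thread.
    lines = static_pat_lines("10.0.0.10", UDP_RANGES)
    print("\n".join(lines))
    print(f"! {len(lines)} static PAT entries")
```

Each generated line exposes one more UDP port on the outside interface address, so the printed count is also the number of entries to review and later remove.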


Port forwarding/allowing ports on ASA 5520

I'm running ASA v8.2(5) and ASDM v6.4(5). There is no specific internal host...would that be the inside int of the ASA?


Port forwarding/allowing ports on ASA 5520

Hi,

If you are doing Static PAT (Port Forwarding) then you are basically forwarding ports to a certain internal host.

If the actual hosts on the internal LAN are forming the connections outbound on these ports, then you just have to allow the traffic in the interface ACL (unless already done so) and have a basic Dynamic PAT translation to a public IP address, which you most likely have already.

- Jouni
