Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
christophe.rossie
christophe.rossie
Community Member
‎02-24-2012 05:05 PM
‎02-24-2012 05:05 PM

Port Triggering

Just wanted to verify that this is how to accomplish port triggering under IOS:

https://supportforums.cisco.com/thread/32968

Also, if wanting to trigger multiple ports just adding another line to the ACL is sufficient, or specifying "range" whether it's tcp or udp. As in, no need in creating a new ACL for every port that you want forwarded, and with it a new route-map.

Thanks!

Labels:
Everyone's tags (4)
0 Helpful
Reply
2 REPLIES
christophe.rossie
christophe.rossie
Community Member
‎02-28-2012 08:47 AM
‎02-28-2012 08:47 AM

Port Triggering

Will Reflexive ACLs accomplish port triggering for say XBOX Live, MMoRPGs, or any other program that multiple users on the same network may require the inbound ports to be dynamically allowed through the router once a session has been initiated by an internal user.

Obviously restricting which ports can be dynamically "reflected".

Found this link:

http://www.netcraftsmen.net/resources/archived-articles/432.html

0 Helpful
Reply
christophe.rossie
christophe.rossie
Community Member
‎02-29-2012 06:51 AM
‎02-29-2012 06:51 AM

Port Triggering

I think I'm on the right track, but the next question I have is because I have PAT being used on my WAN interface is the placement of my temporary ACL. The outbound ACL for monitoring, if placed on the outbound for that interface should be looking at the ip:port post PAT, correct? So, should I be placing the outbound temporary ACL on my internal interface, and the inbound ACL on the WAN interface? Or am I just completely lost.

Thanks!

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
2360
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs