07-18-2008 06:23 AM - edited 03-11-2019 06:16 AM
Hi, I use an ASA 5520. All my clients on my LAN just go out for internet. I use ip any any on the outside interface of my ASA and I don't want to use it. Can you please tell me the default ports that are to be permitted? I know some; what else can be used?
www
ftp
ssh
3389 remote desktop service
07-18-2008 06:26 AM
Any traffic from in to out is permitted by default, unless you apply an ACL.
Any traffic from out to in has to be permitted in an ACL if you have something that needs to be served to the web (i.e. ftp). You never want to permit ip any any from out to in!!
07-18-2008 07:06 AM
Hi,
Some common ports would be
http, https, dns, ftp, 3389, but it is better to enable logging and capture traffic logs.
This will help you to build the access-lists for allowing traffic from the inside LAN.
And like the other person has mentioned, put an ACL on the outside and allow only legitimate traffic from out to in.
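The logging approach suggested in the last reply, as an added example that is not part of the original thread: this script counts destination ports in ASA "Built outbound" syslog messages (302013 for TCP, 302015 for UDP) and drafts an inside-interface ACL from the services actually in use. The ACL name `INSIDE_OUT`, the `min_hits` threshold and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed ASA syslog lines (messages 302013/302015); addresses are documentation ranges.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.168.1.20/51234 (198.51.100.5/51234)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.11/443 (203.0.113.11/443) to inside:192.168.1.21/51300 (198.51.100.5/51300)
%ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.12/80 (203.0.113.12/80) to inside:192.168.1.20/51301 (198.51.100.5/51301)
%ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.12/80 (203.0.113.12/80) to inside:192.168.1.22/51302 (198.51.100.5/51302)
%ASA-6-302015: Built outbound UDP connection 1005 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.20/50000 (198.51.100.5/50000)
%ASA-6-302015: Built outbound UDP connection 1006 for outside:203.0.113.53/53 (203.0.113.53/53) to inside:192.168.1.21/50001 (198.51.100.5/50001)
%ASA-6-302013: Built outbound TCP connection 1007 for outside:203.0.113.99/6667 (203.0.113.99/6667) to inside:192.168.1.23/51400 (198.51.100.5/51400)
%ASA-6-302013: Built inbound TCP connection 1008 for outside:203.0.113.50/40000 (203.0.113.50/40000) to inside:192.168.1.5/21 (198.51.100.6/21)
"""

# In an outbound "Built" message the first address/port pair is the destination.
# Inbound messages are skipped: there the first pair is the remote source port.
BUILT_OUTBOUND = re.compile(
    r"%ASA-6-30201[35]: Built outbound (TCP|UDP) connection \d+ "
    r"for [^:\s]+:[\d.]+/(\d+) ")


def outbound_services(log_text):
    """Count outbound connections per (protocol, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BUILT_OUTBOUND.search(line)
        if m:
            hits[(m.group(1).lower(), int(m.group(2)))] += 1
    return hits


def draft_acl(hits, name="INSIDE_OUT", min_hits=2):
    """Return (acl_lines, review): permits for common services, rare ones held back."""
    common = sorted(k for k, n in hits.items() if n >= min_hits)
    review = sorted(k for k, n in hits.items() if n < min_hits)
    acl = [f"access-list {name} extended permit {proto} any any eq {port}"
           for proto, port in common]
    # Explicit logged deny so anything missed shows up in the logs.
    acl.append(f"access-list {name} extended deny ip any any log")
    return acl, review


if __name__ == "__main__":
    acl, review = draft_acl(outbound_services(SAMPLE_LOG))
    print("\n".join(acl))
    print("review before permitting:", review)
```

Services seen fewer than `min_hits` times are returned separately so someone can decide whether they are legitimate before a permit is written for them.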