
Ports to be opened

sreekanth sarma
Level 1

Hi, I use an ASA 5520. All my clients on my LAN just go out to the Internet. I use ip any any on the outside interface of my ASA and I don't want to use it. Can you please tell me the default ports that are to be permitted? I know some; what else can be used?

www

ftp

ssh

3389 remote desktop service

2 Replies

Adam Frederick
Level 3

Any traffic from in to out is permitted by default, unless you apply an ACL.

Any traffic from out to in has to be permitted in an ACL if you have something that needs to be served to the web (i.e. ftp). You never want to permit ip any any from out to in!!

Hi,

Some common ports would be

http, https, dns, ftp, 3389... but better to enable logging and capture traffic logs.

This will help you to build the access-lists for allowing traffic from the inside LAN.

And like the other person has mentioned, put an ACL on the outside... allow only legitimate traffic from out to in.
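
The logging approach suggested in the reply above, sketched as an added example that is not part of the original thread: it tallies outbound connections from ASA "Built ... connection" syslog lines by protocol and destination port and prints candidate permit lines for the inside ACL. The log lines are constructed, and the ACL name `INSIDE_OUT` and the `min_hits` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the ASA "Built ... connection" syslog format
# (message IDs 302013 for TCP and 302015 for UDP); all addresses are made up.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.10/443 (198.51.100.10/443) to inside:192.168.1.20/51514 (203.0.113.2/51514)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.11/443 (198.51.100.11/443) to inside:192.168.1.21/51600 (203.0.113.2/51600)
%ASA-6-302015: Built outbound UDP connection 1003 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.20/40112 (203.0.113.2/40112)
%ASA-6-302015: Built outbound UDP connection 1004 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.22/40990 (203.0.113.2/40990)
%ASA-6-302013: Built outbound TCP connection 1005 for outside:198.51.100.99/6667 (198.51.100.99/6667) to inside:192.168.1.23/52001 (203.0.113.2/52001)
%ASA-6-302013: Built inbound TCP connection 1006 for outside:198.51.100.77/40000 (198.51.100.77/40000) to inside:192.168.1.30/3389 (203.0.113.2/3389)
"""

# In an outbound record the "for" side is the remote server, the "to" side the LAN client.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for (?P<if1>[\w-]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \S+ "
    r"to (?P<if2>[\w-]+):(?P<ip2>[\d.]+)/(?P<port2>\d+)"
)

def outbound_port_counts(log_text, inside_if="inside"):
    """Count outbound connections per (protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m or m["dir"] != "outbound" or m["if2"] != inside_if:
            continue  # skip inbound records and unrelated messages
        counts[(m["proto"].lower(), int(m["port1"]))] += 1
    return counts

def candidate_acl(counts, acl_name="INSIDE_OUT", min_hits=2):
    """Return (permit lines, rarely seen ports held back for manual review)."""
    permits, review = [], []
    for (proto, port), hits in sorted(counts.items()):
        if hits >= min_hits:
            permits.append(
                f"access-list {acl_name} extended permit {proto} any any eq {port}")
        else:
            review.append((proto, port, hits))
    return permits, review

if __name__ == "__main__":
    permits, review = candidate_acl(outbound_port_counts(SAMPLE_LOG))
    print("\n".join(permits))
    print("review before permitting:", review)
```

Ports seen fewer than `min_hits` times are returned separately so that one-off destinations are looked at by a person rather than permitted automatically.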
