Cisco Support Community

New Member

Ports to be opened

Hi, I use an ASA 5520. All my clients on my LAN just go out to the internet. I use ip any any on the outside interface of my ASA and I don't want to use it. Can you please tell me the default ports that are to be permitted? I know some; what else can be used?

www

ftp

ssh

3389 remote desktop service

2 REPLIES
New Member

Re: Ports to be opened

Any traffic from in to out is permitted by default, unless you apply an ACL.

Any traffic from out to in has to be permitted in an ACL if you have something that needs to be served to the web (i.e. ftp). You never want to permit ip any any from out to in!!

Re: Ports to be opened

Hi,

Some common ports would be

http, https, dns, ftp, 3389, but it is better to enable logging and capture traffic logs.

This will help you to build the access-lists for allowing traffic from the inside LAN.

And like the other person has mentioned, put an ACL on the outside and allow only legitimate traffic from out to in.

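The second reply suggests building the access-lists from traffic logs. One way to do that, as an added example that is not part of the original thread: count the services seen in ASA "Built connection" syslog messages (302013 for TCP, 302015 for UDP) and print candidate ACL lines for review. The log lines are constructed samples and the ACL name `INSIDE_OUT` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample log; addresses are private/documentation ranges.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.10/443 (198.51.100.10/443) to inside:192.168.1.20/51544 (203.0.113.2/51544)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.11/80 (198.51.100.11/80) to inside:192.168.1.21/51545 (203.0.113.2/51545)
%ASA-6-302015: Built outbound UDP connection 1003 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:192.168.1.20/60001 (203.0.113.2/60001)
%ASA-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.12/443 (198.51.100.12/443) to inside:192.168.1.22/51546 (203.0.113.2/51546)
%ASA-6-302013: Built inbound TCP connection 1005 for outside:198.51.100.99/40000 (198.51.100.99/40000) to inside:192.168.1.5/21 (203.0.113.5/21)
%ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.10/443 to inside:192.168.1.20/51544 duration 0:00:05 bytes 4096 TCP FINs
"""

# "for <intf>:<foreign ip>/<port> (<mapped>) to <intf>:<local ip>/<port>"
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \S+ "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/(?P<port2>\d+)"
)

def summarize(log_text):
    """Count (direction, protocol, service port) over Built-connection messages."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # teardowns and other message IDs are ignored
        # Outbound: the service is on the outside host. Inbound: on the inside host.
        port = m["port1"] if m["dir"] == "outbound" else m["port2"]
        counts[(m["dir"], m["proto"].lower(), int(port))] += 1
    return counts

def candidate_acl(counts, acl_name="INSIDE_OUT", min_hits=1):
    """Render observed outbound services as ACL lines to review, ending in a logged deny."""
    lines = [
        f"access-list {acl_name} extended permit {proto} any any eq {port}"
        for (direction, proto, port), hits in sorted(counts.items())
        if direction == "outbound" and hits >= min_hits
    ]
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines

if __name__ == "__main__":
    seen = summarize(SAMPLE_LOG)
    for key, hits in sorted(seen.items()):
        print(key, hits)
    print("\n".join(candidate_acl(seen)))
```

The output is a starting point for review, not a finished policy: every observed port still needs a business reason before it is permitted, and the inbound entries show what the outside ACL would have to allow explicitly.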