https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184312#M1075813 <P>I don't quite follow where you are accessing from.&nbsp; Is this from internet to a server? from inside interface to a DMZ?&nbsp; Please provide more details to what you are trying to achieve.</P> Mon, 16 Nov 2020 10:28:58 GMT Marius Gunnerud 2020-11-16T10:28:58Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184309#M1075811 <P>Hi there,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Dear Professionals, i am using cisco asa firewall 5520,</P><P>can anyone tell me how can i block all the ports for clients and give them access to some specific ports. please tel me.</P> Mon, 16 Nov 2020 10:26:54 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184309#M1075811 Cash2106 2020-11-16T10:26:54Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184312#M1075813 <P>I don't quite follow where you are accessing from.&nbsp; Is this from internet to a server? from inside interface to a DMZ?&nbsp; Please provide more details to what you are trying to achieve.</P> Mon, 16 Nov 2020 10:28:58 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184312#M1075813 Marius Gunnerud 2020-11-16T10:28:58Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184328#M1075819 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/319690">@Marius Gunnerud</a>&nbsp; suppose, in my network one client is using internet services from the Cisco ASA, connected through the inside interface network, and all i want is to block all ports on that client and only allow http, pop, smtp and any other specific port so client can use only allowed ports.</P> Mon, 16 Nov 2020 11:57:40 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184328#M1075819 Cash2106 2020-11-16T11:57:40Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184476#M1075872 <P>Object client&nbsp;</P><P>host ip</P><P>!</P><P>access list outbound permit tcp object client any eq http</P><P>!</P><P>access group Outbound in interface inside</P><P>&nbsp;</P><P>&nbsp;</P><P>this for make client only access http other traffic will drop at asa</P> Mon, 16 Nov 2020 21:10:52 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184476#M1075872 MHM Cisco World 2020-11-16T21:10:52Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184530#M1075878 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1065752">@MHM Cisco World</a>&nbsp; thanks for your concern, can you please tel me how i can do that in ASDM <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Tue, 17 Nov 2020 06:02:02 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4184530#M1075878 Cash2106 2020-11-17T06:02:02Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4185528#M1075942 <P><FONT color="#000000">All that is is an access-list permitting the host access towards the ports you want (client IP as source, any as destination, and destination port).&nbsp; Then directly below&nbsp; these allow rules you place a deny rule that has the client IP as source and any destination.&nbsp; I unfortunately do not have access to an ASDM at the moment if that is what you are using, but it is quite simple to do in both ASDM and CLI.&nbsp; Here is an example with the CLI:</FONT></P> <P><FONT color="#000000">access-list inside_in extended permit tcp host 1.2.3.4 any eq www</FONT></P> <P><FONT color="#000000">access-list inside_in extended permit tcp host 1.2.3.4 any eq pop3</FONT></P> <P><FONT color="#000000">access-list inside_in extended permit tcp host 1.2.3.4 any eq smtp</FONT></P> <P><FONT color="#000000">access-list inside_in extended deny ip host 1.2.3.4 any</FONT></P> <P><FONT color="#000000">access-list inside_in extended permit ip any any</FONT> <FONT color="#FF0000">&lt;--permit all other hosts full access</FONT></P> <P><FONT color="#000000">access-group inside_in in interface inside</FONT></P> <P><FONT color="#000000">If you already have an access-list configured on the interface then the last command is not needed.&nbsp; Just add the access list entries to the existing ACL</FONT></P> Wed, 18 Nov 2020 20:49:20 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4185528#M1075942 Marius Gunnerud 2020-11-18T20:49:20Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4185648#M1075957 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/319690">@Marius Gunnerud</a>&nbsp; can you please tel me how can i do that in ASDM because its easy for me to configure <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> please tel me how can i configure it in GUI mode please............</P> Thu, 19 Nov 2020 04:28:15 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4185648#M1075957 Cash2106 2020-11-19T04:28:15Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4186333#M1075999 <P>Please see the attached file for access rule configuration through ASDM.</P> Fri, 20 Nov 2020 08:30:41 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4186333#M1075999 Marius Gunnerud 2020-11-20T08:30:41Z https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4186692#M1076009 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/319690">@Marius Gunnerud</a>you are a true Gem <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> ... thanks for your concern, i am really learning from everyone around, and i am getting more then what i expected from here to learn <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> thanks alot.</P> Fri, 20 Nov 2020 21:23:36 GMT https://community.cisco.com/t5/network-security/cisco-asa-port-access-amp-blocking/m-p/4186692#M1076009 Cash2106 2020-11-20T21:23:36Z