topic Re: Block Inbound Port 80 in Network Security

Block Inbound Port 80

DAvelarNIC — Fri, 21 Feb 2020 16:11:32 GMT

Hello,

I have been trying to figure out how to block port 80 from outside my network to a specific server. I want to allow only port 8081 to be accessed. Currently when I setup an access rule to block http it blocks all access to the server from outside the network coming in. Is it possible to block only port 80 and allow 8081 or block all ports and allow 8081? This is on a Cisco ASA 5545. Thanks in advance for any help.

Re: Block Inbound Port 80

Rob Ingram — Tue, 04 Sep 2018 17:44:13 GMT

Hi,
Example below, should permit anybody on the internet to access the server on port 8081, this example uses static NAT. You'll need to amend the ip addresses and potentially the name of the interfaces (inside/outside) to fit your environment.

object network SERVER
host 192.168.250.2
nat (INSIDE,OUTSIDE) static 1.1.1.10 service 80 8081

access-list OUTSIDE_IN permit tcp any host 192.168.250.2 eq 80
access-group OUTSIDE_IN in interface OUTSIDE

HTH

Re: Block Inbound Port 80

DAvelarNIC — Tue, 04 Sep 2018 21:09:27 GMT

Thank you for the response. I will give it a shot. Much appreciated.