https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642488#M196054 <P>Hello I am trying to create an object with a public IP address as a host and allow multiple udp ports to that host but cannot fine to seem the relevant documentation.</P><P>&nbsp;</P><P>When i create the object and try the service command under it does not allow me to put in udp/tcp protocol options.</P><P>&nbsp;</P><P>Any one can advise on how to configure this please?</P><P>&nbsp;</P><P>device details</P><P>&nbsp;</P><P>PID: ASA5510&nbsp;</P><P>&nbsp;</P><P>System image file is "disk0:/asa842-k8.bin"</P><P>&nbsp;</P><P>&nbsp;</P><P>Please let me know if you need any more details.</P><P>&nbsp;</P><P>thanks</P><P><BR />&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:38:45 GMT Kaushik Ray 2019-03-12T05:38:45Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642488#M196054 <P>Hello I am trying to create an object with a public IP address as a host and allow multiple udp ports to that host but cannot fine to seem the relevant documentation.</P><P>&nbsp;</P><P>When i create the object and try the service command under it does not allow me to put in udp/tcp protocol options.</P><P>&nbsp;</P><P>Any one can advise on how to configure this please?</P><P>&nbsp;</P><P>device details</P><P>&nbsp;</P><P>PID: ASA5510&nbsp;</P><P>&nbsp;</P><P>System image file is "disk0:/asa842-k8.bin"</P><P>&nbsp;</P><P>&nbsp;</P><P>Please let me know if you need any more details.</P><P>&nbsp;</P><P>thanks</P><P><BR />&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:38:45 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642488#M196054 Kaushik Ray 2019-03-12T05:38:45Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642489#M196055 <P>Hi Kaushik,</P><P>This is how you define the object service:</P><P>object service test-list</P><P>service tcp source eq 8014</P><P>And below are the options. You cannot define all three of the below ports in one service. You can define range or equal or greater than etc.</P><P>ASA5585-2(config-service-object)# service tcp source ?</P><P>service-object mode commands/options:</P><P>&nbsp; eq&nbsp;&nbsp;&nbsp;&nbsp; Port equal to operator</P><P>&nbsp; gt&nbsp;&nbsp;&nbsp;&nbsp; Port greater than&nbsp; operator</P><P>&nbsp; lt&nbsp;&nbsp;&nbsp;&nbsp; Port less than operator</P><P>&nbsp; neq&nbsp;&nbsp;&nbsp; Port not equal to operator</P><P>&nbsp; range&nbsp; Port range operator</P><P>Then you can use this object service in access-list or NAT rule.</P><P>Regards,</P><P>Kanwal</P><P>Note: Please mark answers if they are helpful.</P> Mon, 16 Mar 2015 14:21:50 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642489#M196055 Kanwaljeet Singh 2015-03-16T14:21:50Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642490#M196056 <P>thanks I have setup something like this. is it fine or i need to amend something ?</P><P>Please let me know thanks</P><P>object network obj-Test<BR />&nbsp;host xxx.xxx.xxx.xxx</P><P><BR />object network obj-Test<BR />&nbsp;nat (inside,outside) static xxx.xxx.xxx.xxx</P><P>&nbsp;</P><P>access-list outside_acl extended permit ip host yyy.yyy.yyy.yyy host xxx.xxx.xxx.xxx<BR />access-list outside_acl extended permit ip host aaa.aaa.aaa.aaa host xxx.xxx.xxx.xxx</P><P>access-list outside_acl extended permit udp any host xxx.xxx.xxx.xxx range 20000 24000</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 16 Mar 2015 14:34:56 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642490#M196056 Kaushik Ray 2015-03-16T14:34:56Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642491#M196057 <P>Hi Kaushik,</P><P>I am not sure about your requirement but this command should allow udp access for the host and range you have mentioned.</P><P>Regards,</P><P>Kanwal</P><P>Note: Please mark answers if they are helpful.</P> Mon, 16 Mar 2015 22:07:47 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642491#M196057 Kanwaljeet Singh 2015-03-16T22:07:47Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642492#M196058 <P>Thanks Kanwal for your reply; one more thing i wanted to ask ; my host has been assigned a public ip address itself; in that case am i correct in doing a static nat to itself &nbsp;or that could cause issues?</P> Mon, 16 Mar 2015 23:41:11 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642492#M196058 Kaushik Ray 2015-03-16T23:41:11Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642493#M196059 <P>Hi Kaushik,</P><P>Yeah it should be fine if it is not natted anywhere else.&nbsp;</P><P>Regards,</P><P>Kanwal</P><P>Note: Please mark answers if they are helpful.</P> Wed, 18 Mar 2015 14:27:03 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cli-configuration/m-p/2642493#M196059 Kanwaljeet Singh 2015-03-18T14:27:03Z