https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209126#M349546 <HTML><HEAD></HEAD><BODY><P>Hello Kevin,</P><P></P><P>That should be all, what version do you have?</P><P></P><P>can you run a packet tracer?</P><P></P><P>packet in Outside tcp 65.74.157.196 1025 10.1.22.5 5223</P><P></P><P>Regards,</P><P></P><P>Felipe. </P></BODY></HTML> Tue, 21 May 2013 21:36:53 GMT lcambron 2013-05-21T21:36:53Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209125#M349545 <P>I was hoping to get a little assistance in opening a port through our ASA 5510. I need to allow a tcp connection for IP 65.74.157.196 on port 5223 through our firewall to the subnet 10.1.12.0/24. </P><P></P><P>In the GUI, I created an access rule on our Outside interface with the source of 65.74.157.196 and the destination of 10.1.12.0/24 with the Service set to tcp 5223 and the Action is Permit.</P><P></P><P>Is there anything else I need to configure?</P> Tue, 12 Mar 2019 01:46:40 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209125#M349545 Kevin Litman 2019-03-12T01:46:40Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209126#M349546 <HTML><HEAD></HEAD><BODY><P>Hello Kevin,</P><P></P><P>That should be all, what version do you have?</P><P></P><P>can you run a packet tracer?</P><P></P><P>packet in Outside tcp 65.74.157.196 1025 10.1.22.5 5223</P><P></P><P>Regards,</P><P></P><P>Felipe. </P></BODY></HTML> Tue, 21 May 2013 21:36:53 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209126#M349546 lcambron 2013-05-21T21:36:53Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209127#M349547 <HTML><HEAD></HEAD><BODY><P>We are running 8.2.</P><P></P><P>This is what I have:</P><P></P><P><STRONG style="font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 20px; background-color: #ffffff;">ACL</STRONG></P><P><SPAN style="font-size: 10pt;">access-list Outside-ISP1_access_in extended permit tcp host RemoteServerIP any 5223</SPAN></P><P><BR style="font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 20px; background-color: #ffffff;" /></P><P> <STRONG style="font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 20px; background-color: #ffffff;">NAT</STRONG></P><P><SPAN style="font-size: 10pt;">static (Inside,Outside-ISP1) tcp interface 5223 10.1.12.55 5223 netmask 255.255.255.255</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">10.1.12.55 is the inside address the remote server needs to communicate with on 5223</SPAN></P><P></P><P>I attached an image of the Packet Tracer results.</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/7/0/6/139607-PacketTracker.JPG" class="jive-image" /></P></BODY></HTML> Wed, 22 May 2013 12:23:22 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209127#M349547 Kevin Litman 2013-05-22T12:23:22Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209128#M349548 <HTML><HEAD></HEAD><BODY><P>You need to allow the connection to the public IP, in this case seems like it is the ASA's outside interface IP, however you have "any" as the destination which should allow it.</P><P></P><P>Seems like there is a typo on the ACL, you are missing "eq"</P><P>access-list Outside-ISP1_access_in extended permit tcp host RemoteServerIP any <EM><STRONG>eq </STRONG></EM>5223</P><P></P><P>Has the ACL already been applied with the access-group command?</P><P></P><P>Regards,</P><P></P><P>Felipe. </P></BODY></HTML> Wed, 22 May 2013 16:17:30 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209128#M349548 lcambron 2013-05-22T16:17:30Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209129#M349549 <HTML><HEAD></HEAD><BODY><P>Sorry, I have an object defined for the server and the port. Below is the actual command that was entered. </P><P></P><P>access-list Outside-ISP1_access_in extended permit tcp host Geotrax_Jabber any object-group jabber_ssl</P></BODY></HTML> Wed, 22 May 2013 16:58:54 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209129#M349549 Kevin Litman 2013-05-22T16:58:54Z https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209130#M349550 <HTML><HEAD></HEAD><BODY><P>That should do it, as long as the object jabber_ssl has TCP port 5223.</P><P></P><P>Regards,</P><P></P><P>Felipe. </P></BODY></HTML> Thu, 23 May 2013 20:34:53 GMT https://community.cisco.com/t5/network-security/open-port-5223-through-firewall/m-p/2209130#M349550 lcambron 2013-05-23T20:34:53Z