topic Re: Open Port on ASA 5510 in Network Security

Open Port on ASA 5510

samz — Mon, 11 Mar 2019 17:22:44 GMT

Hi,

I need to open a port so that one of our user's can access and application externally which uses port 6999.

How would I open the port so that the user can access the server using port 6999.

Thanks

Re: Open Port on ASA 5510

KARUPPUCHAMY MALAIYANDI — Wed, 17 Mar 2010 05:55:16 GMT

Hi,

is the user is trying to access this application from outside to your network ??. If yes, write the extended acl and apply that acl into your outside interface,

access-list access-list-number [dynamic dynamic-name [timeout minutes]]{deny | permit} tcp source source-wildcard [operator port]] destination destination-wildcard [operator [port]] [established][precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]

Example:

access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet 

Regards
Karuppu

Re: Open Port on ASA 5510

samz — Wed, 17 Mar 2010 05:59:12 GMT

Hi,

No the user is inside the network (LAN).

How do I enable any user or IP on the lan to access that port.

Thanks

Re: Open Port on ASA 5510

KARUPPUCHAMY MALAIYANDI — Wed, 17 Mar 2010 06:28:05 GMT

Hi,

what is the source ip and where it is residing(inside of your firewall or outside) ??

what is the destination ip and where it is residing(inside of your firewall or outside) ??

not able to understand your questions...

Regards

Karuppu

Re: Open Port on ASA 5510

samz — Wed, 17 Mar 2010 06:31:58 GMT

Hi,

I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall

example any ip 192.168.0.1/24 to access ip 61.x.x.x on port 6999.

I also need to set up rdp to ip 192.168.0.254 which resided inside the firewall.

The IP of the firewall is 192.168.0.x

Thanks

Re: Open Port on ASA 5510

samz — Thu, 18 Mar 2010 00:56:54 GMT

Do you have an update on this issue.

Thanks

Sam

Sent from my iPhone

On 17/03/2010, at 5:28 PM, "foreverkaruppu"

Re: Open Port on ASA 5510

KARUPPUCHAMY MALAIYANDI — Thu, 18 Mar 2010 01:16:46 GMT

Hi,

If you are using cisco firewalls PIX515/525/533 or ASA then the default rule is from high security level inerface(inside) to low security level(outside) everything is permitted.No need to add any access list to access anything from your inside to outside.

But you should have a proper NAT configuration in your firewall.

If you need more help, then paste your running configuration.

Regards

Karuppu

Re: Open Port on ASA 5510

samz — Fri, 19 Mar 2010 00:44:22 GMT

Hi,

I have attached a copy of the config file.

Thanks for your help and talk soon.

Sam

Re: Open Port on ASA 5510

Kureli Sankar — Fri, 19 Mar 2010 01:57:00 GMT

To make your 192.168.0.254 accessible via RDP you need to configure static

1. static (i,o) tcp interface 3389 192.168.0.254 3389 net 255.255.255.255

2. also provide permission via acl on the outside interface to allow traffic destined to your interface IP.

I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall

example any ip 192.168.0.1/24 to access ip 61.x.x.x on port 6999.

For the above you don' t need anything if you do not have an inside access-list applied IN on the inside interface. If you do have acl that you have applied on the inside interface then you need to permit this flow.

access-list inside-acl per tcp any ho 61.x.x.x eq 6999

-KS

Re: Open Port on ASA 5510

samz — Fri, 19 Mar 2010 02:11:22 GMT

Hi,

I am a novice when it comes to cisco, what command/s do I need to type to set the RDP access up.

Thanks

Sam

Re: Open Port on ASA 5510

samz — Tue, 23 Mar 2010 12:20:52 GMT

Hi,

I tried the command suggested " access-list inside-acl per tcp any ho 58.96.29.214 eq 6999" but still the software can't connect to the server (on the internet) using port 6999.

Any other suggestions.

Regards,

Sam

Re: Open Port on ASA 5510

ebonnie — Mon, 06 Jan 2020 13:32:39 GMT

Hi,

I have a requirement for port opening.. Customer only shared below info

Connect24 : 172.192.x.x Port : 1756

WEB service : 172.192.x.x Port : 2556

How can I do this from ASDM

Re: Open Port on ASA 5510

ebonnie — Tue, 01 Oct 2024 06:21:07 GMT

Hi Sam

To allow external access to an application running on port 6999, you need to configure NAT and an Access Control List to permit the incoming traffic on port 6999. Pls follow the below syntax and replace the IPs accordingly as per your network setup. The NAT rule will map incoming traffic on the ASA’s public IP address to the internal

serverciscoasa(config)# object network obj-server
ciscoasa(config-network-object)# host 192.168.1.100
ciscoasa(config-network-object)# nat (inside,outside) static interface service tcp 6999 6999

ciscoasa(config)# access-list outside_access_in extended permit tcp any host 154.0.128.170 eq 6999

ciscoasa(config)# access-group outside_access_in in interface outside

ciscoasa(config)# write memory

test and let me know if you need anything else.