https://community.cisco.com/t5/network-security/open-ports/m-p/947541#M939361 <HTML><HEAD></HEAD><BODY><P>If your techs are inside your LAN behind asa5505 firewall and are trying to connect to and outside server out in another location over internet you don't need to open up these ports for outbound connections.</P><P></P><P>On the other hand, if you are hosting a Stentor server behind asa5505 firewall and want to provide access for outsiders to access the hosting server on ports mentioned in your post this can be done as follows in firewall.</P><P></P><P>1- Piblic IP for a one-to-one NAT for local server so that can be accessible over internet.</P><P>2- Configure firewall tcp service ports </P><P>3- Configure firewall access rules </P><P></P><P>e.i assume </P><P>1- Public IP is 20.20.20.20, Local Stentor IP 10.10.10.10, server seating inside LAN.</P><P></P><P>static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255</P><P></P><P>2- Configure TCP service group</P><P></P><P>object-group service Stent_server tcp</P><P>port-object eq 6464</P><P>port-object eq 7575</P><P>port-object eq https</P><P></P><P>3- Configure access list and apply to outside interface</P><P></P><P>access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_serve</P><P>access-group outside_access_in in interface outside</P><P></P><P>HTH</P><P>Rgds</P><P>Jorge</P><P></P></BODY></HTML> Mon, 14 Apr 2008 02:02:12 GMT JORGE RODRIGUEZ 2008-04-14T02:02:12Z https://community.cisco.com/t5/network-security/open-ports/m-p/947540#M939360 <P>I need to open ports 6464, 7575 and 443 in my Cisco ASA 5505 so that techs in our office can access a hospitals Stentor Isight...Please help with abc steps. </P> Mon, 11 Mar 2019 12:30:39 GMT https://community.cisco.com/t5/network-security/open-ports/m-p/947540#M939360 L02731619z 2019-03-11T12:30:39Z https://community.cisco.com/t5/network-security/open-ports/m-p/947541#M939361 <HTML><HEAD></HEAD><BODY><P>If your techs are inside your LAN behind asa5505 firewall and are trying to connect to and outside server out in another location over internet you don't need to open up these ports for outbound connections.</P><P></P><P>On the other hand, if you are hosting a Stentor server behind asa5505 firewall and want to provide access for outsiders to access the hosting server on ports mentioned in your post this can be done as follows in firewall.</P><P></P><P>1- Piblic IP for a one-to-one NAT for local server so that can be accessible over internet.</P><P>2- Configure firewall tcp service ports </P><P>3- Configure firewall access rules </P><P></P><P>e.i assume </P><P>1- Public IP is 20.20.20.20, Local Stentor IP 10.10.10.10, server seating inside LAN.</P><P></P><P>static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255</P><P></P><P>2- Configure TCP service group</P><P></P><P>object-group service Stent_server tcp</P><P>port-object eq 6464</P><P>port-object eq 7575</P><P>port-object eq https</P><P></P><P>3- Configure access list and apply to outside interface</P><P></P><P>access-list outside_access_in extended permit tcp any host 20.20.20.20 object-group Stent_serve</P><P>access-group outside_access_in in interface outside</P><P></P><P>HTH</P><P>Rgds</P><P>Jorge</P><P></P></BODY></HTML> Mon, 14 Apr 2008 02:02:12 GMT https://community.cisco.com/t5/network-security/open-ports/m-p/947541#M939361 JORGE RODRIGUEZ 2008-04-14T02:02:12Z https://community.cisco.com/t5/network-security/open-ports/m-p/947542#M939362 <HTML><HEAD></HEAD><BODY><P>Thank you. This was very informative However, I wonder why the IT guy at the hospital's radiology department was so definative about needing to open those outlined ports. I plan to speak with him in the morning. I believe he mentioned something about needing to have both outbound and inbound connections...</P></BODY></HTML> Mon, 14 Apr 2008 05:38:48 GMT https://community.cisco.com/t5/network-security/open-ports/m-p/947542#M939362 L02731619z 2008-04-14T05:38:48Z https://community.cisco.com/t5/network-security/open-ports/m-p/947543#M939363 <HTML><HEAD></HEAD><BODY><P>Like I said, outbound does not need to be permitted, unless you explicetly block outbound traffic in your firewall, once a source atempts a connection to a destination hosts outside fw tcp three way handchake is stablished and comminication between source and destination host flows. </P><P></P><P>In any case, post your findings/update.</P><P></P><P></P><P>Rgds</P><P>Jorge </P></BODY></HTML> Mon, 14 Apr 2008 19:31:28 GMT https://community.cisco.com/t5/network-security/open-ports/m-p/947543#M939363 JORGE RODRIGUEZ 2008-04-14T19:31:28Z