cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


284
Views
5
Helpful
5
Replies
Highlighted
Frequent Contributor

Opening Port in ASA

Hi Everyone,

If i need to open specfic port on ASA so that it allow the traffic for that.

What are different ways to open port using CLI?

Thanks

Mahesh

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Opening Port in ASA

Hello Mahesh,

Lets say you have an internal host 192.168.12.2 that neeeds to be access on port 80 from the outside world.

We will use the outside interface (public IP) to access it

So configuration on ASA 8.2 will be:

static (inside,outside) tcp 192.168.12.2 80 interface 80

access-list outside_in permit tcp any host interface outside eq 80

access-group outside_in in interface outside

Now lets see it on a scenario where no nat is need it:

We have already an internal server with a public ip address 2.2.2.2 and that one needs to be access on port 80

no nat-control

access-list outside_in permit tcp any host 2.2.2.2 eq 80

access-group outside_in in interface outside

So basically if we already have a routable over the internet IP NAT will not be need it!

Remember to rate all of the answers that help ( if you need assistance on how to rate a post just let me know)

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
5 REPLIES 5

Opening Port in ASA

Hello,

Just to use an ACL and if NAT is required then just configure the right port-forwarding rule or NAT statement.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Frequent Contributor

Opening Port in ASA

Hi,

Thanks for reply.

Can you please give generic example config that shows how to  open port with or without NAT?

Regards

Mahesh

Opening Port in ASA

Hello Mahesh,

Lets say you have an internal host 192.168.12.2 that neeeds to be access on port 80 from the outside world.

We will use the outside interface (public IP) to access it

So configuration on ASA 8.2 will be:

static (inside,outside) tcp 192.168.12.2 80 interface 80

access-list outside_in permit tcp any host interface outside eq 80

access-group outside_in in interface outside

Now lets see it on a scenario where no nat is need it:

We have already an internal server with a public ip address 2.2.2.2 and that one needs to be access on port 80

no nat-control

access-list outside_in permit tcp any host 2.2.2.2 eq 80

access-group outside_in in interface outside

So basically if we already have a routable over the internet IP NAT will not be need it!

Remember to rate all of the answers that help ( if you need assistance on how to rate a post just let me know)

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Frequent Contributor

Opening Port in ASA

Hi Julio,

Thanks again

Regards

Mahesh

Opening Port in ASA

Hello,

My pleasure to help

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC