
Opening Port in ASA

mahesh18
Level 6

Hi Everyone,

If I need to open a specific port on ASA so that it allows the traffic for that.

What are different ways to open port using CLI?

Thanks

Mahesh

1 Accepted Solution


Hello Mahesh,

Let's say you have an internal host 192.168.12.2 that needs to be accessed on port 80 from the outside world.

We will use the outside interface (public IP) to access it

So configuration on ASA 8.2 will be:

static (inside,outside) tcp interface 80 192.168.12.2 80 netmask 255.255.255.255

access-list outside_in permit tcp any interface outside eq 80

access-group outside_in in interface outside

Now let's see it in a scenario where no NAT is needed:

We already have an internal server with a public IP address 2.2.2.2, and that one needs to be accessed on port 80

no nat-control

access-list outside_in permit tcp any host 2.2.2.2 eq 80

access-group outside_in in interface outside

So basically, if we already have an IP that is routable over the Internet, NAT will not be needed!

Remember to rate all of the answers that help (if you need assistance on how to rate a post, just let me know)

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
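
An added example, not part of the answer above: a small Python audit that reads ASA 8.2-style `static`, `access-list` and `access-group` lines and lists which ports an inbound ACL actually exposes, from which source, and which internal host a static PAT forwards them to. The sample config is constructed from the two scenarios in the answer; the source address 198.51.100.7 and the function names are assumptions made for illustration.

```python
import re

# Constructed sample config (ASA 8.2 syntax) covering both scenarios in the
# answer, plus one source-restricted entry for contrast.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 80 192.168.12.2 80 netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq 80
access-list outside_in permit tcp any host 2.2.2.2 eq www
access-list outside_in permit tcp host 198.51.100.7 host 2.2.2.2 eq 22
access-group outside_in in interface outside
"""

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port
STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) "
                 r"(any|host \S+|\S+ \S+) (any|host \S+|interface \S+|\S+ \S+) eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
PORT_NAMES = {"www": "80", "https": "443", "ssh": "22"}  # subset of ASA port literals

def exposed_services(config):
    """Return (iface, proto, port, source, dest, real_host) per inbound permit entry."""
    lines = [line.strip() for line in config.splitlines()]
    bound = {m[1]: m[2] for m in map(GROUP.match, lines) if m}  # ACL name -> interface
    pat = {}  # (mapped_if, proto, mapped_ip, mapped_port) -> "real_ip:real_port"
    for m in filter(None, map(STATIC.match, lines)):
        _real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port = m.groups()
        pat[(mapped_if, proto, m_ip, PORT_NAMES.get(m_port, m_port))] = f"{r_ip}:{r_port}"
    found = []
    for m in filter(None, map(ACE.match, lines)):
        acl, proto, src, dst, port = m.groups()
        if acl not in bound:
            continue  # ACL never applied with access-group: it filters nothing
        iface, port = bound[acl], PORT_NAMES.get(port, port)
        # Pre-8.3 ACLs name the mapped address, so look it up in the PAT table.
        if dst.startswith("interface "):
            key_ip = "interface"
        else:
            key_ip = dst[5:] if dst.startswith("host ") else dst
        found.append((iface, proto, port, src, dst, pat.get((iface, proto, key_ip, port))))
    return found

def open_to_any(config):
    """Entries reachable from any source address: the ones to review first."""
    return [e for e in exposed_services(config) if e[3] == "any"]

if __name__ == "__main__":
    for entry in exposed_services(SAMPLE_CONFIG):
        print(entry)
```

A `real_host` of `None` means no static PAT matched, which is the no-NAT scenario where the ACL destination is the server's own routable address.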


5 Replies

Julio Carvajal
VIP Alumni

Hello,

Just use an ACL, and if NAT is required then just configure the right port-forwarding rule or NAT statement.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

Thanks for the reply.

Can you please give a generic example config that shows how to open a port with or without NAT?

Regards

Mahesh


Hi Julio,

Thanks again

Regards

Mahesh

Hello,

My pleasure to help

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC