Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
4
Replies

Access List on ASA5505

Go to solution
Steven Couture
Level 1
Level 1

‎08-31-2014 08:12 AM - last edited on ‎03-25-2019 05:53 PM by Community Manager

Here is a current access list on an ASA that I mange:

 

access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 7500
access-list outside_access_in_1 extended permit object RDP any object FileServer
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53827
access-list outside_access_in_1 extended permit tcp any object New_Server eq 3389
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53828
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53829
access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53830
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53850
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53810
access-list outside_access_in_1 extended permit tcp any object New_Server eq 53855
access-list outside_access_in_1 extended permit tcp any object New_Server eq telnet
access-list outside_access_in_1 extended permit tcp any object New_Server eq 55443
access-list outside_access_in_1 extended permit tcp any object New_Server eq 7500
access-list outside_access_in_1 extended permit tcp any object DattoDevice eq ssh
access-list outside_access_in_1 extended permit udp any object DattoDevice eq ntp
access-list outside_access_in_1 extended permit icmp any object DattoDevice

 

I have highlighted the last three statements - are these correct?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-31-2014 10:30 AM

If you want to allow SSH/NTP and ICMP to DattoDevice, then these ACEs are correct.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Karsten Iwen
VIP
VIP

‎08-31-2014 10:30 AM

If you want to allow SSH/NTP and ICMP to DattoDevice, then these ACEs are correct.

0 Helpful

Go to solution
Steven Couture
Level 1
Level 1
In response to Karsten Iwen

‎08-31-2014 02:12 PM

Thank you.....can you tell me how to test these using packet tracer in the ASDM?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Steven Couture

‎08-31-2014 02:21 PM

packet-tracer input outside tcp 1.2.3.4 1234 PUBLIC-IP-OF-DATTO-DEVICE 22

"1.2.3.4 1234" is just a random source-ip and port.

0 Helpful

Go to solution
Steven Couture
Level 1
Level 1
In response to Karsten Iwen

‎08-31-2014 03:15 PM

Thanks again -

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card