06-15-2010 02:51 PM - edited 03-11-2019 10:59 AM
We are adding an ASA 5505 to a network which contains older PIX 501 devices. I have been able to create most of what I need from the PIX onto the 5505, but I am stumped in one place in particular: on the PIX there is a rule that allows any inside address to connect to a particular outside access via a specific RANGE of ports. I see no way on the ASA to do this. I don't do much with CLI (yeah, I know) and I am limited to the ASDM interface.
Can someone help me with this. I think I have everything set up except this particular range service.
If someone wants to tell me this via CLI, that's fine too. But really assume I know nothing other than how to set up HyperTerminal and get in via cable. I don't know much beyond that.
06-15-2010 03:18 PM
Gary,
Can you post a screenshot of the rule from the PIX that you need on the ASA?
Federico.
06-15-2010 04:17 PM
06-15-2010 03:48 PM
The syntax is the same for the PIX for ACL rules. Here is an example
access-list text permit tcp host 10.10.10.1 any range 22 1022
that allows tcp from 10.10.10.1 to ports from 22 to 1022.
I hope it helps.
PK
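For anyone checking a migration like this one, the following is an added example, not part of any post in this thread: a small Python check that lists destination-port `range` rules present in an old PIX config but absent from the new ASA config, and flags wide permitted ranges. The sample configs, the function names and the 100-port threshold are constructed assumptions; named ports, object-groups and trailing keywords such as `log` are not handled.

```python
import re

# Address forms handled: "any", "host A.B.C.D", or "A.B.C.D MASK" (assumption:
# no object-groups). Only numeric destination-port ranges at end of line match.
ADDR = r"(?:any|host\s+\S+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
RULE = re.compile(
    rf"^access-list\s+(?P<acl>\S+)\s+(?:extended\s+)?(?P<action>permit|deny)\s+"
    rf"(?P<proto>tcp|udp)\s+(?P<src>{ADDR})\s+(?P<dst>{ADDR})\s+"
    rf"range\s+(?P<lo>\d+)\s+(?P<hi>\d+)\s*$"
)

def _norm(text):
    """Collapse runs of whitespace so spacing differences do not matter."""
    return " ".join(text.split())

def range_rules(config_text):
    """Return {(action, proto, src, dst, lo, hi)} for every port-range ACL line.
    The ACL name is dropped because it usually differs between devices."""
    found = set()
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            found.add((m["action"], m["proto"], _norm(m["src"]),
                       _norm(m["dst"]), int(m["lo"]), int(m["hi"])))
    return found

def missing_on_new(old_cfg, new_cfg):
    """Range rules in the old config that have no equivalent in the new one."""
    return sorted(range_rules(old_cfg) - range_rules(new_cfg))

def wide_ranges(config_text, max_ports=100):
    """Permit rules whose range opens more than max_ports ports."""
    return sorted(r for r in range_rules(config_text)
                  if r[0] == "permit" and r[5] - r[4] + 1 > max_ports)

# Constructed sample configs (documentation addresses, hypothetical ACL names).
PIX_CFG = """
access-list text permit tcp host 10.10.10.1 any range 22 1022
access-list inside_out permit tcp any host 203.0.113.10 range 5000 5010
"""
ASA_CFG = """
access-list inside_access_in extended permit tcp host 10.10.10.1 any range 22 1022
access-list inside_access_in extended permit tcp any host 203.0.113.10 eq 443
"""

if __name__ == "__main__":
    for rule in missing_on_new(PIX_CFG, ASA_CFG):
        print("missing on ASA:", rule)
    for rule in wide_ranges(ASA_CFG):
        print("wide range (review):", rule)
```
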
06-15-2010 04:19 PM
I never set the PIX up and I have only used the ASDM interface. Not too familiar with CLI, although I am currently connected via HyperTerminal. Walk me through? I feel sort of dumb, but I am pleased I got as far as I have in ASDM by comparing the two interfaces. So be nice to me!
06-15-2010 08:31 PM
In ASDM you can go under the Access Rules section and just do Add. You will then Add an ACL for an interface (you will choose it in the drop-down when you do Add) and you can set the range of ports for the TCP protocol, for example, there. It is intuitive.
Here is the guide for ACLs with ASDM http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1168198
PK
06-16-2010 09:12 AM
Thanks for the help. But the intuitive part is where I'm stuck!
I go in and choose Security Policy--->Access Rules---->Add. I have entered several other rules just fine here. But when I want to add a specific TCP port range??? I'm lost.
I see the TCP protocol in the list to choose, and I even see source ports and destination ports in the table. But I can't modify these fields. So there is no way for me to customize the TCP entry. And when I try creating a new group, it just does not make sense.
My pic is attached. How do I edit the range fields or create a custom TCP rule where I specify ranges??
06-16-2010 10:14 AM
I am attaching a snapshot of creating a rule with range of tcp port 78 to 79.
I think it should be clear now.
PK
06-16-2010 10:29 AM
Do I feel silly or what!!! Thank you!
06-16-2010 12:05 PM
No problem, we are all learning.
Please rate helpful posts.
Rgs,
PK