cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
569
Views
0
Helpful
5
Replies

ASA Firewall with 8.4 ver

Dear,

How to open the following port with ASA running 8.4 version

TCP: 5242 and 4244
UDP: 5243 and 9785

Thanks.

5 Replies 5

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Do you mean you need to configure Static PAT (Port Forward) for those ports using your ASAs external interface public IP address or do you have a spare public IP address for the internal server/host so that Static NAT can be configured instead?

If you need to configure Static PAT (Port Forward) then you can use these as an example

object network SERVER-TCP5242

host

nat (inside,outside) static interface service tcp 5242 5424

object network SERVER-TCP4244

host

nat (inside,outside) static interface service tcp 4244 4244

object network SERVER-UDP5243

host

nat (inside,outside) static interface service udp 5243 5243

object network SERVER-TCP9785

host

nat (inside,outside) static interface service udp 9785 9785

If you dont have an ACL configured on your external ASA interface yet then you could configure

object network SERVER

host

access-list OUTSIDE-IN remark Allow TCP/5242/4244 and UDP/5243/9785

access-list OUTSIDE-IN permit tcp any object SERVER eq 5242

access-list OUTSIDE-IN permit tcp any object SERVER eq 4244

access-list OUTSIDE-IN permit udp any object SERVER eq 5243

access-list OUTSIDE-IN permit udp any object SERVER eq 9785

access-group OUTSIDE-IN in interface outside

The above configurations are just example names for the objects and ACL. You can use something else if you want. Naturally the interface names might be different but I used the default ones.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

here, actually these are viber, voice program that require to open these ports. Its not like port forwarding.

Hi,

Do you need to allow the traffic from your LAN network to the external/public network? If so, then you naturally just simply allow those ports in the ACLs that control traffic out of your LAN (unless they are already allowed)

Allowing traffic from LAN to WAN is no different in the new software compared to the older ASA software levels. If the traffic is opened inbound from the external network then you will have to allow the traffic to the local/real IP address.

If we are talking about connections that come from the external/public network towards some LAN device on those destination ports then you need either Static NAT for that internal host to a public IP address or a Static PAT (Port Forward) if you only have a single public IP address.

I still dont know what the actual situation is.

- Jouni

Thanks for your reply.

Its from LAN to WAN which is already opened. But viber and skype are not working after placing the firewall. That's why am asking any specific acl to be created for this to work?

Hi,

Don't know about Viber but Skype works just fine for me through my home ASA5505 that is running a 8.4 software.

I would suggest monitoring the logs through ASDM when you are attempting the connections to determine if any traffic is blocked.

I have simply allowed traffic from my LAN to WAN. I don't have anything opened from the WAN.

- Jouni

Review Cisco Networking for a $25 gift card