12-04-2013 05:14 AM - edited 03-11-2019 08:12 PM
Dear,
How do I open the following ports on an ASA running version 8.4?
TCP: 5242 and 4244
UDP: 5243 and 9785
Thanks.
12-04-2013 05:36 AM
Hi,
Do you mean you need to configure Static PAT (Port Forward) for those ports using your ASA's external interface public IP address, or do you have a spare public IP address for the internal server/host so that Static NAT can be configured instead?
If you need to configure Static PAT (Port Forward) then you can use these as an example:
object network SERVER-TCP5242
 host <server-real-ip>
 nat (inside,outside) static interface service tcp 5242 5242
object network SERVER-TCP4244
 host <server-real-ip>
 nat (inside,outside) static interface service tcp 4244 4244
object network SERVER-UDP5243
 host <server-real-ip>
 nat (inside,outside) static interface service udp 5243 5243
object network SERVER-UDP9785
 host <server-real-ip>
 nat (inside,outside) static interface service udp 9785 9785
If you don't have an ACL configured on your external ASA interface yet then you could configure
object network SERVER
 host <server-real-ip>
access-list OUTSIDE-IN remark Allow TCP/5242/4244 and UDP/5243/9785
access-list OUTSIDE-IN permit tcp any object SERVER eq 5242
access-list OUTSIDE-IN permit tcp any object SERVER eq 4244
access-list OUTSIDE-IN permit udp any object SERVER eq 5243
access-list OUTSIDE-IN permit udp any object SERVER eq 9785
access-group OUTSIDE-IN in interface outside
The above configurations are just example names for the objects and ACL. You can use something else if you want. Naturally the interface names might be different but I used the default ones.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni
12-04-2013 05:52 AM
Actually, these are for Viber, a voice program that requires these ports to be open. It's not like port forwarding.
12-04-2013 05:56 AM
Hi,
Do you need to allow the traffic from your LAN network to the external/public network? If so, then you naturally just simply allow those ports in the ACLs that control traffic out of your LAN (unless they are already allowed)
Allowing traffic from LAN to WAN is no different in the new software compared to the older ASA software levels. If the traffic is opened inbound from the external network then you will have to allow the traffic to the local/real IP address.
If we are talking about connections that come from the external/public network towards some LAN device on those destination ports then you need either Static NAT for that internal host to a public IP address or a Static PAT (Port Forward) if you only have a single public IP address.
I still don't know what the actual situation is.
- Jouni
12-04-2013 08:28 PM
Thanks for your reply.
It's from LAN to WAN, which is already opened. But Viber and Skype are not working after placing the firewall. That's why I am asking whether any specific ACL needs to be created for this to work.
12-04-2013 11:25 PM
Hi,
Don't know about Viber, but Skype works just fine for me through my home ASA5505 that is running 8.4 software.
I would suggest monitoring the logs through ASDM when you are attempting the connections to determine if any traffic is blocked.
I have simply allowed traffic from my LAN to WAN. I don't have anything opened from the WAN.
- Jouni
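The log check suggested above, as an added example that is not part of the original thread: a Python filter over exported ASA syslog lines that counts ACL denies (message 106023) for the four ports from the question, grouped by ACL and direction. The sample log lines, the IP addresses and the ACL name INSIDE-IN are constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the question: protocol -> destination ports.
WATCHED = {"tcp": {5242, 4244}, "udp": {5243, 9785}}

# ASA syslog 106023: packet denied by an ACL bound with access-group.
# IPv4 TCP/UDP form only; ICMP denies use a different layout and are skipped.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def watched_denies(lines):
    """Yield one dict per ACL deny whose protocol/destination port is watched."""
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        proto, port = m["proto"].lower(), int(m["dst_port"])
        if port in WATCHED.get(proto, ()):
            yield {**m.groupdict(), "proto": proto, "dst_port": port}

def summarize(lines):
    """Count denies per (ACL, direction, protocol, destination port)."""
    counts = Counter()
    for d in watched_denies(lines):
        direction = f'{d["src_if"]}->{d["dst_if"]}'
        counts[(d["acl"], direction, d["proto"], d["dst_port"])] += 1
    return counts

# Constructed sample log lines (documentation addresses, hypothetical ACL name).
SAMPLE = """\
Dec 05 2013 09:01:11: %ASA-4-106023: Deny tcp src inside:192.168.1.20/51522 dst outside:203.0.113.10/5242 by access-group "INSIDE-IN" [0x0, 0x0]
Dec 05 2013 09:01:12: %ASA-4-106023: Deny udp src inside:192.168.1.20/40211 dst outside:203.0.113.10/9785 by access-group "INSIDE-IN" [0x0, 0x0]
Dec 05 2013 09:01:12: %ASA-4-106023: Deny udp src inside:192.168.1.20/40211 dst outside:203.0.113.10/9785 by access-group "INSIDE-IN" [0x0, 0x0]
Dec 05 2013 09:01:13: %ASA-4-106023: Deny tcp src inside:192.168.1.20/51530 dst outside:198.51.100.7/443 by access-group "INSIDE-IN" [0x0, 0x0]
Dec 05 2013 09:01:14: %ASA-6-302013: Built outbound TCP connection 1201 for outside:203.0.113.10/4244 (203.0.113.10/4244) to inside:192.168.1.20/51540 (198.51.100.1/51540)
""".splitlines()

if __name__ == "__main__":
    for (acl, direction, proto, port), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}x {proto}/{port} {direction} denied by {acl}")
```

An empty result for these ports means no ACL is dropping them, so the cause of the failure lies elsewhere than a missing permit entry.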