Re: ASA open ports in ASDM

P.Kalemba · ‎11-12-2017

Hello everyone,

Im very new here and to this device, so excuse me for such a noob question.

My manager told me to open on firewall ports for IP softphones, servers are located in cloud on the internet.

internal addresses are any from local network.
Outside servers 1.206.34.96/28

required ports

from servers to local network tcp 5060-5065
from servers to local network udp 5060-5065
from servers to local network tcp 20000-65000

from local to servers tcp 5060-5065
from local to servers tcp 80
from local to servers tcp 443
from local to servers udp 5060-5065
from local to servers udp 30000-65000

please guide me through what should be done in ASDM for:
Access Rules
NAT Ruless

Bogdan Nita · ‎11-13-2017

Here are some links on how to configure ACL and NAT on the ASA via GUI:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112925-acl-asdm-00.html

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/asdm71/firewall/asdm_71_firewall_config/nat_objects.html

If the server is server needs to initiate traffic to the phones you will need a one to one NAT for every phone.

I am not a voice specialist, but as far as I know NAT is not usually used for voice implementation.

Joel Fox · ‎11-15-2017

Hello - This should be pretty straight forward, you shouldn't have to do anything with NAT statements. If these phones are pulling configs from the web, you'll need to open those ports on your inbound access list.

If you have Smartnet on your ASA, I highly recommend opening a support case with Cisco TAC. There's a whole lot of info needed to help you if you're not familiar with the ASA (model, software version, partial config, etc). If you do open a ticket with TAC, they'll want CLI access so make sure you can access that before hand to speed things up.