Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
10
Helpful
5
Replies

Cisco ASA 5510 CLI configuration

Kaushik Ray
Level 1
Level 1

‎03-16-2015 06:41 AM - edited ‎03-11-2019 10:38 PM

Hello I am trying to create an object with a public IP address as a host and allow multiple udp ports to that host but cannot fine to seem the relevant documentation.

 

When i create the object and try the service command under it does not allow me to put in udp/tcp protocol options.

 

Any one can advise on how to configure this please?

 

device details

 

PID: ASA5510 

 

System image file is "disk0:/asa842-k8.bin"

 

 

Please let me know if you need any more details.

 

thanks


 

 

 

 

 

Labels:
0 Helpful
5 Replies 5

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎03-16-2015 07:21 AM

Hi Kaushik,

This is how you define the object service:

object service test-list

service tcp source eq 8014

And below are the options. You cannot define all three of the below ports in one service. You can define range or equal or greater than etc.

ASA5585-2(config-service-object)# service tcp source ?

service-object mode commands/options:

  eq     Port equal to operator

  gt     Port greater than  operator

  lt     Port less than operator

  neq    Port not equal to operator

  range  Port range operator

Then you can use this object service in access-list or NAT rule.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Kaushik Ray
Level 1
Level 1
In response to Kanwaljeet Singh

‎03-16-2015 07:34 AM

thanks I have setup something like this. is it fine or i need to amend something ?

Please let me know thanks

object network obj-Test
 host xxx.xxx.xxx.xxx


object network obj-Test
 nat (inside,outside) static xxx.xxx.xxx.xxx

 

access-list outside_acl extended permit ip host yyy.yyy.yyy.yyy host xxx.xxx.xxx.xxx
access-list outside_acl extended permit ip host aaa.aaa.aaa.aaa host xxx.xxx.xxx.xxx

access-list outside_acl extended permit udp any host xxx.xxx.xxx.xxx range 20000 24000

 

 

 

 

 

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Kaushik Ray

‎03-16-2015 03:07 PM

Hi Kaushik,

I am not sure about your requirement but this command should allow udp access for the host and range you have mentioned.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Kaushik Ray
Level 1
Level 1
In response to Kanwaljeet Singh

‎03-16-2015 04:41 PM

Thanks Kanwal for your reply; one more thing i wanted to ask ; my host has been assigned a public ip address itself; in that case am i correct in doing a static nat to itself  or that could cause issues?

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Kaushik Ray

‎03-18-2015 07:27 AM

Hi Kaushik,

Yeah it should be fine if it is not natted anywhere else. 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card