Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1472
Views
0
Helpful
4
Replies

Help-need to allow ports 18082 and 18086 inbound (ASA5510)

Go to solution
ceezr1997
Level 1
Level 1

‎10-19-2011 02:10 PM - edited ‎03-11-2019 02:40 PM

Hello everyone, n00b here.

As the title reads, I need help to alow ports 18082 and 18086 inbound to one of my internal servers.

I pretty much now how to create a static nat rule but I dont know how to only allow those two ports.  I dont want to open the server to all ports.

This is what I am doing via ASDM v6.1:

Configuration-NAT Rule-Add=Add Static NAT Rule

Original

Interface: inside

Source: my internal IP address


Translated

Interface: outside

Use IP Address: my available external IP address

Now under PAT I assume that's where I put the ports, so I place a checkbox on Enable and select TCP.  Then I enter 18082 on both the Original and Translated Port boxes.  I tried adding 18086 by entering 18082-18086 or with a comma as a separator but it doesnt allow it and spits an error saying that the format is incorrect.

click [OK]

Now is that how I add a single port to forward to my internal server?  Do need to create another Static NAT Rule including the second port of 18086

Thanks for the help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-19-2011 02:29 PM

Hello Cesar,

Yes, you will need to do it and afterwards you will need to open those ports on the ACL applied to the outside interface (inbound direction).

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-19-2011 02:29 PM

Hello Cesar,

Yes, you will need to do it and afterwards you will need to open those ports on the ACL applied to the outside interface (inbound direction).

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ceezr1997
Level 1
Level 1
In response to Julio Carvajal

‎10-20-2011 11:56 AM

thanks for the reply  jcarvaja.

to clarify - I will have TWO NAT rules under my NAT Rules section, one for each port configured as stated above.

then I will go to my Access Rules and apply those two ports to that outside IP address?

I currently have an access rule with that outside IP address for an old website address no longer being used, it's configured as follows:

==========================

Interface: outside

Action: permit

Source: any

Destination: my outside ip address

Service: tcp/htpp <-more on this at the end

Enable Logging - Checked

Logging Level: Default

More Actions:

Enable Rules - Checked

===========================

In regards to the service, I can click on the elipsis button [...] - go to add - TCP service group - give it a group name and description and on the bottom box Port/Range enter the needed ports and [Add >>], am I correct?  How can I add two ports on this same service group?  Separate them with a "," or a ";"? ie: 18082,18086  or 18082;18086?

Thank you once again.    

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to ceezr1997

‎10-20-2011 12:39 PM

Hello Cesar,

That is correct, lets add them and this setup is going to work.

Hope you have a great day,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ceezr1997
Level 1
Level 1
In response to Julio Carvajal

‎10-20-2011 02:36 PM

it worked, I am good to go!

thank you for your help!!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card