
How to open 2 specific ports and Cisco ASA 8.6

benacquis
Level 1

Hello, we currently need to open 2 new specific ports on our Firewall, to allow remote connection to our Cisco IP phones. Unfortunately I am not too well versed in the ASA; however originally thought I opened the 2 ports correctly via the ASDM. However, after using an online port scanner and noticing the remote phones still do not work, I clearly did something wrong.

Can someone please advise how I can open 2 specific RTP ports using ASDM 6.6 / ASA 8.6 easily please? Any help would be appreciated and thanks in advance.


Vibhor Amrodia
Cisco Employee

Hi,

I think you should have tried to allow the ACL rules on the ASA device to allow those ports.

Also, you need to check the Mapped IP on the ASA device which will forward these ports on the Internal phones.

The ACL should be having destination as the REAL IP and there should be a NAT if you are going to destination public IP.

Thanks and Regards,

Vibhor Amrodia
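The reply above expressed as ASA 8.3+ CLI (static object NAT for each port plus an access rule whose destination is the real IP), added here as an example and not part of the original thread. The object names, ACL name, interface names, addresses and the two UDP port numbers are placeholders, since the thread does not state them.

```cisco
! Placeholders (not from the thread): real phone-system IP 10.0.0.10,
! UDP ports 16384 and 16385, interfaces named inside/outside,
! ACL outside_access_in assumed to be applied inbound on outside.

! One network object per forwarded port: object NAT allows a single
! nat statement per object.
object network PHONE-RTP-1
 host 10.0.0.10
 nat (inside,outside) static interface service udp 16384 16384
object network PHONE-RTP-2
 host 10.0.0.10
 nat (inside,outside) static interface service udp 16385 16385

! On 8.3 and later the access rule matches the REAL (untranslated)
! address, not the public one. Permit only the two ports, UDP only.
access-list outside_access_in extended permit udp any host 10.0.0.10 eq 16384
access-list outside_access_in extended permit udp any host 10.0.0.10 eq 16385

! Bind the ACL only if it is not already applied:
! access-group outside_access_in in interface outside

! Verification from privileged EXEC (198.51.100.1 = outside interface IP,
! 203.0.113.10 = sample remote phone, both placeholders):
! packet-tracer input outside udp 203.0.113.10 20000 198.51.100.1 16384
! show nat detail
! show access-list outside_access_in
```

The `packet-tracer` output lists each phase (UN-NAT, ACCESS-LIST, and so on) with the rule that matched and the final allow or drop result. An external scan of a UDP port often cannot distinguish an open port from a filtered one, so the on-box trace is the more reliable check.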

Thanks for the reply Vibhor.

I believe I have part of the steps correct. I created a new rule within the Access Rules and created an object that contains the 2 ports. It's from this point on that I'm not too familiar with.

Can you please advise how to correctly create the NAT rule via ASDM? The external phones connect to our network via WAN and seem to hit our phone system fine. However, we just need to open these 2 specific ports, to allow RTP voice traffic back to the external phones. Thanks again in advance for your help.

Hi,

I hope this helps.

If you still need any help, let me know:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/asdm70/configuration_guide/asdm_70_config/nat_objects.html#pgfId-1106703

Thanks and Regards,

Vibhor Amrodia

Thanks for the link Vibhor.

So I tried configuring a NAT rule for each of the 2 required ports. I believe I did them correctly and created 2 separate NAT rules, one for each port. However, I still don't think they're working correctly. I also tried using an online port scanner and see that the results of our external IP + those 2 ports indicates "filtered" and may still be closed.

I attached a screenshot of one of the NAT configs for one of the ports. Can you please confirm if this looks correct? Essentially we need to open up these 2 ports to allow full traffic through them. But it doesn't seem to be set up correctly on my end yet, since the online port scanner is yielding errors.

Thanks again and regards
