12-23-2014 08:00 PM - edited 03-11-2019 10:15 PM
Hello, we currently need to open 2 new specific ports on our Firewall, to allow remote connection to our Cisco IP phones. Unfortunately I am not too well versed in the ASA; however, I originally thought I opened the 2 ports correctly via the ASDM. However, after using an online port scanner and noticing the remote phones still do not work, I clearly did something wrong.
Can someone please advise how I can open 2 specific RTP ports using ASDM 6.6 / ASA 8.6 easily please? Any help would be appreciated and thanks in advance.
12-24-2014 04:19 AM
Hi,
I think you should have tried to allow the ACL rules on the ASA device to allow those ports.
Also, you need to check the Mapped IP on the ASA device which will forward these ports on the Internal phones.
The ACL should be having destination as the REAL IP and there should be a NAT if you are going to destination public IP.
Thanks and Regards,
Vibhor Amrodia
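The reply above, written out as ASA CLI (what ASDM generates underneath) for ASA 8.3 and later. This is an added example, not configuration from the thread: the real IP 10.0.0.10, UDP ports 16384 and 16385, the public address 203.0.113.5, the test source 198.51.100.20, the interface names `inside`/`outside` and all object and ACL names are assumptions.

```cisco
! Constructed values throughout; substitute your own addresses and ports.
! Object NAT allows one nat statement per object, so the same real host
! gets one network object per forwarded port. RTP runs over UDP.
object network PHONE-RTP-1
 host 10.0.0.10
 nat (inside,outside) static interface service udp 16384 16384
object network PHONE-RTP-2
 host 10.0.0.10
 nat (inside,outside) static interface service udp 16385 16385
!
! Limit the permit to exactly the two ports.
object-group service RTP-PORTS udp
 port-object eq 16384
 port-object eq 16385
!
! On 8.3+ the ACL destination is the REAL (inside) IP, not the mapped one.
access-list OUTSIDE-IN extended permit udp any host 10.0.0.10 object-group RTP-PORTS
! If an ACL is already bound inbound on outside, add the line above to that
! ACL instead: an interface takes only one ACL per direction.
access-group OUTSIDE-IN in interface outside
!
! Verify on the ASA itself: simulate an inbound packet to the public address
! and read which phase (UN-NAT, ACCESS-LIST) allows or drops it.
packet-tracer input outside udp 198.51.100.20 40000 203.0.113.5 16384
show nat detail
show access-list OUTSIDE-IN
```

Rising hit counts in `show access-list` and translate hits in `show nat detail` while a remote phone is in a call confirm that both the rule and the translation are being used.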
12-24-2014 02:45 PM
Thanks for the reply Vibhor.
I believe I have part of the steps correct. I created a new rule within the Access Rules and created an object that contains the 2 ports. It's from this point on that I'm not too familiar with.
Can you please advise how to correctly create the NAT rule via ASDM? The external phones connect to our network via WAN and seem to hit our phone system fine. However, we just need to open these 2 specific ports, to allow RTP voice traffic back to the external phones. Thanks again in advance for your help.
12-25-2014 01:35 AM
Hi,
I hope this helps.
If you still need any help, let me know:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/asdm70/configuration_guide/asdm_70_config/nat_objects.html#pgfId-1106703
Thanks and Regards,
Vibhor Amrodia
12-26-2014 12:30 PM
Thanks for the link Vibhor.
So I tried configuring a NAT rule for each of the 2 required ports. I believe I did them correctly and created 2 separate NAT rules, one for each port. However, I still don't think they're working correctly. I also tried using an online port scanner and see that the results of our external IP + those 2 ports indicate "filtered" and may still be closed.
I attached a screenshot of one of the NAT configs for one of the ports. Can you please confirm if this looks correct? Essentially we need to open up these 2 ports to allow full traffic through them. But it doesn't seem to be set up correctly on my end yet, since the online port scanner is yielding errors.
Thanks again and regards