How to open port for a single IP

Amardeep Kumar
Level 1

Hi,

I want to give SVN access to a remote client, so I need to give access only to his IP. Please suggest what the access list will be.

Thanks

Amardeep

1 Accepted Solution


varrao
Level 10

Hi Amardeep,

You should provide some IP addresses that need to be accessed (you can modify them), and also the interface from where the traffic would be hitting the firewall, but just for your reference:

access-list inside_access_in extended permit tcp host <source-ip> host <destination-ip> eq <port>

access-group inside_access_in in interface outside   (if the traffic is coming from outside interface)

Hope this helps.

Thanks,

Varun

Please rate the post if helpful

Thanks,
Varun Rao


6 Replies

Here's a command reference for you:

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/command/reference/a1.html#wp1559450

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

I tried it but am not able to access the port. This is not working for me, but when I create it for any any, I am able to access it.

Thanks

Hi Amar,

As I told you, kindly provide me the output of the access-list that you created: what is the source IP from where the request would be coming, and what is the destination that you are accessing? What port are you opening?

Can you provide an output of show tech from your ASA?

-Varun

Thanks,
Varun Rao

Hi,

Here are the details.

I want to give access to my SVN server.

access-list 10 extended permit tcp host host eq 3690

access-group 10 in interface outside

Thanks

Hi Amar,

The access-list looks good, but is the server IP that you are using a public IP or a private IP?

What is the ASA software version that you are using? Do you have a static NAT translation for it on the ASA?

You can check the software version with the command "show version" and the static by "show run static".

If you want to know if your ACL is working, do:

show access-list 10

This would give you the hit count; if it is 0, it means it is not working.

Thanks,

Varun

Thanks,
Varun Rao
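
The hit-count check suggested in the last reply, as an added example that is not part of the thread or of Cisco's tooling: a Python script that reads `show access-list` output, reports each entry's hit count, and flags permit entries open to every source (the "any any" rule mentioned earlier in the thread). The sample output is constructed with documentation-range addresses, and the parser assumes the `any` / `host A` / `network mask` address forms only (no object groups or source ports).

```python
import re

# Constructed sample of ASA "show access-list" output (documentation-range
# addresses and made-up hashes; not taken from the thread).
SAMPLE = """\
access-list 10; 2 elements; name hash: 0x1234abcd
access-list 10 line 1 extended permit tcp host 203.0.113.10 host 198.51.100.20 eq 3690 (hitcnt=0) 0x0a1b2c3d
access-list 10 line 2 extended permit tcp any any eq 3690 (hitcnt=57) 0x4e5f6a7b
"""

# One access control entry: action, protocol, addresses/service, hit counter.
ACE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended "
    r"(?P<action>permit|deny) (?P<proto>\S+) (?P<rest>.*?) "
    r"\(hitcnt=(?P<hits>\d+)\)"
)

def _take_addr(tokens):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    if tokens[0] in ("any", "any4", "any6"):
        return tokens.pop(0)
    if tokens[0] == "host":
        tokens.pop(0)
        return "host " + tokens.pop(0)
    return tokens.pop(0) + " " + tokens.pop(0)

def audit(show_output):
    """Return one finding per ACE with its hit count and any review notes."""
    findings = []
    for raw in show_output.splitlines():
        m = ACE.match(raw.strip())
        if not m:
            continue  # ACL header line, remark, or unrelated output
        tokens = m["rest"].split()
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        notes = []
        if int(m["hits"]) == 0:
            notes.append("no traffic has matched this entry")
        if m["action"] == "permit" and src.startswith("any"):
            notes.append("permits every source address")
        findings.append({"line": int(m["line"]), "src": src, "dst": dst,
                         "service": " ".join(tokens), "hits": int(m["hits"]),
                         "notes": notes})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```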