Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
1
Replies

Need to allow port 15000 via telnet

patrickdoman
Level 1
Level 1

‎09-23-2013 09:10 PM - edited ‎03-11-2019 07:42 PM

I have a ASA 5505 running            Cisco ASA version 9.1(2) and Device Manager Version 7.1

This configuration seems to have changed the way I setup rules in the ASDM to allow traffic on specific ports.

I have my firewall on 23.23.23.23 on the WAN port

I have my firewall on 10.100.1.254 on the internal port

I have a server on the internal network at 10.100.1.5

I want to allow telnet on port 15000 to this port

What would my process be for doing this in the ASDM, or in the command line?

If I telnet to any other port with the rule I have in place, the system event shows up in the log.

But if I telnet on port 15000 to the 23.23.23.23 (not real IP) I get nothing. No indication of dropped packets at all.

I have no one to one nat setup, but I am thinking that this would be more of a PAT situation. I want to allow any traffic inbound on port 15000 to pass through to the specific server listed.

Any ideas? Better to do this through the command line or can I accomplish this through the ASDM?

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎09-24-2013 01:13 AM

Hi,

I assume that you are talking about a Static PAT where the mapped port is TCP/15000 and the real local port is TCP/23 and the public IP address is 23.23.23.23 and local IP address is 10.100.1.5

This would result in a Static PAT configuration like this

object network SERVER

host 10.100.1.5

nat (inside,outside) static interface service tcp 23 15000

access-list OUTSIDE-IN remark Allow Telnet to local server

access-list OUTSIDE-IN permit tcp any object SERVER eq 23

The above presumes that you have interfaces called "inside" and "outside", if not then replace them with the actual interface names. Also the ACL name used is just example. Use the ACL that you already have configured and attached to the WAN interface.

Notice in the above that we allow the traffic to the real/local destination IP address AND ALSO to the real/local port instead of the mapped ones.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card