Need to open firewall ports
10-02-2015 02:18 AM - edited 03-11-2019 11:41 PM
Hi There,
I have a new Cisco ASA 5505 Firewall and need to open some ports but it is being a pain.
We are using the Cisco ASDM GUI to change access rules, but when we open ports it doesn't work.
What we are trying to do is open ports 80 and 443 so we can move our VMs to the new server using Veeam. As Veeam Backup uses port 443 to connect to the ESXi host that has a public IP we cannot move our VMs.
Can someone please explain how to open these ports? Do we create rules on the outside interface or Outside or both?
If someone wants to use TeamViewer to log into my laptop so they can access the ASDM and add these rules I would be grateful, as I have spent half a day googling and trying everything.
Thanks in advance
Labels: NGFW Firewalls

10-05-2015 07:45 AM
Hello,
Are you using a public IP to NAT your ESXi host, which has a private IP configured?
Could you please explain your setup with an example here? Also let me know the version you are running on the ASA.
Regards,
Akshay Rastogi
10-08-2015 06:13 AM
We have now put the ESXi host behind the firewall and all is running well, but we now want to use the DMZ interface for our public VPS machines.
The new discussion is here, and everyone has been great here:
https://supportforums.cisco.com/discussion/12626461/dmz-asa-5505
This is our last issue and I will be able to finally sleep after working out the above.

10-10-2015 06:55 AM
Hi,
If the ESX servers are behind the firewall then you can apply an ACL based on traffic flow. If traffic needs to communicate from outside to DMZ, then put it all in the inbound direction of outside to DMZ, and vice versa, based on requirement.
Hope it Helps..
-GI
Rate if it Helps..
10-10-2015 07:31 AM
Hi,
So what you are saying is to apply an ACL for traffic over the outside interface and direct it to the DMZ interface?
I cannot see how this would be secure, as I want to segregate traffic away from the outside network and have only traffic destined to public VMs that I have assigned public IPs on to be handled by the DMZ.
I wonder if I could just let ESXi handle DMZ traffic and steer away from the ASA?
