03-14-2021 07:47 AM
Hi All,
I need to open Telnet for the below ports on a Cisco ASA Firewall, for the following destinations:
imap.gmail.com 993
smtp.gmail.com 465
smtp.gmail.com 587
What should I configure on the ASA Firewall?
Object for the host, object for the service, ACL. And, in case I'm missing something, please point it out as well.
Can someone provide an example for the same with the above details, as it's a fresh configuration on the ASA Firewall?
Thanks & Regards,
Vikram K Murudkar.
03-14-2021 07:51 AM
Do you want to allow that traffic outbound?
By default all traffic from high security (inside) to low security (outside) is allowed on an ASA. So you don't need any rules to accomplish what you're asking. Just the basic interface and routing (and probably NAT) setup is required.
03-14-2021 08:12 AM
Hi Marvin,
Thanks for the reply.
But as this is a fresh configuration for the specific request being made, I just need an example with the above things.
I've tried a few things by myself; can you verify whether it's correct or not?
Example:
object network INSIDE-SUBNET
 subnet 172.20.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network SMTP-SERVER
 host 172.20.10.100
 nat (inside,outside) static interface service tcp 995 995
access-list Outside_access_in extended permit tcp object INSIDE-SUBNET object SMTP-SERVER eq 995
access-group Outside_access_in in interface Outside
Thanks & Regards,
Vikram
03-14-2021 08:26 AM
Hi Marvin,
access-list Outside_access_in extended permit tcp object INSIDE-SUBNET object SMTP-SERVER eq 995
It will be "any" instead of "INSIDE-SUBNET", correct?
Thanks & Regards,
Vikram
03-14-2021 10:19 AM
Correct, "any" instead of "INSIDE-SUBNET".
03-14-2021 10:17 AM
object network INSIDE-SUBNET
 subnet 172.20.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
This is correct, for inside traffic to go outside.
I have changed the outside traffic coming inside to your network with static NAT. This should work:
object network SMTP-SERVER
 host 172.20.10.100
 nat (inside,outside) static interface service tcp 995 995
access-list Outside_access_in extended permit tcp any object SMTP-SERVER eq 995
access-group Outside_access_in in interface Outside
You can test it with packet-tracer:
packet-tracer input outside tcp 8.8.8.8 https x.x.x.x 995
(x.x.x.x is your outside firewall interface IP address)
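The outbound-only configuration Marvin describes, written out as an added example rather than config posted by anyone in this thread. The interface names, the 203.0.113.0/24 outside addressing, the 8.8.8.8 resolver and the client address 172.20.10.50 are assumptions; the 172.20.10.0/24 LAN and the Gmail hosts and ports come from the question.

```cisco
! Interfaces and default route (assumed names and addresses)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.20.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! FQDN objects only resolve if the ASA itself can do DNS lookups (assumed resolver)
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
!
! Outbound PAT for the LAN. This is the only piece strictly required for the
! inside-to-outside mail traffic, since high-to-low traffic is permitted by default.
object network INSIDE-SUBNET
 subnet 172.20.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Destinations and ports from the question, modelled as objects so the ACL stays readable
object network GMAIL-IMAP
 fqdn imap.gmail.com
object network GMAIL-SMTP
 fqdn smtp.gmail.com
object-group network GMAIL-SERVERS
 network-object object GMAIL-IMAP
 network-object object GMAIL-SMTP
object-group service GMAIL-MAIL-PORTS tcp
 port-object eq 993
 port-object eq 465
 port-object eq 587
!
! Optional: an explicit outbound ACL. Applying any ACL on "inside" replaces the
! default permit with an implicit deny, so list everything the LAN must reach.
access-list INSIDE_access_in extended permit tcp object INSIDE-SUBNET object-group GMAIL-SERVERS object-group GMAIL-MAIL-PORTS
access-list INSIDE_access_in extended permit udp object INSIDE-SUBNET host 8.8.8.8 eq domain
access-list INSIDE_access_in extended deny ip any any log
access-group INSIDE_access_in in interface inside
!
! Verify: check the ASA's cached resolution, then trace an outbound IMAPS flow
! (replace the placeholder with an address shown by "show dns")
show dns host imap.gmail.com
packet-tracer input inside tcp 172.20.10.50 40000 <resolved-imap-address> 993
```

Note that the ASA matches FQDN objects against its own DNS answers, so if clients resolve smtp.gmail.com or imap.gmail.com to a different Google address than the firewall did, the explicit ACL will intermittently deny them; the NAT-only setup without the ACL does not have this dependency.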