01-05-2010 06:02 AM - edited 03-11-2019 09:53 AM
I need to open/permit several ports on the firewall of our ASA 5510
01-06-2010 06:53 AM
Hi Walker,
Actually, you are trying to access an external host (.94), which has those 4 mentioned ports open, and your internal LAN must connect to this one, is that correct?
So, if I'm correct, no configuration is needed and it should be working, because your ASA has PAT configured and all the access has been configured properly to allow your internal LAN to reach the external one.
access-list FDLE_access_in extended permit object-group DM_INLINE_SERVICE_1 any FDLE_Network 255.255.255.240
Maybe you should check your PIX configuration.
BR,
01-05-2010 06:16 AM
Hi,
From my understanding, you just want to allow only those ports to be opened for some applications, is that right?
If the traffic comes from the Internet to your Internal LAN, you need to create the following ACL:
access-list FDLE_access_in extended permit tcp any host "ip address" eq 443
access-list FDLE_access_in extended permit tcp any host "ip address" eq 80
access-list FDLE_access_in extended permit tcp any host "ip address" eq 5222
access-list FDLE_access_in extended permit tcp any host "ip address" eq 5223
You will also need to create a STATIC NAT entry for those hosts to allow external users to connect to the internal users, as follows:
static (BOCC,FDLE) tcp external ip address "80" internal ip address "80" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "443" internal ip address "443" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "5223" internal ip address "5223" netmask 255.255.255.255
static (BOCC,FDLE) tcp external ip address "5222" internal ip address "5222" netmask 255.255.255.255
BR,
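An added example, not part of the post above or of any Cisco tooling: a small check that every inbound permit in the ACL has a matching static PAT entry and vice versa, so a hole in the ACL with no translation behind it, or a stale translation, shows up. It assumes the pre-8.3 ASA syntax used in this thread (the ACL names the mapped address); the addresses and the 8080 entry in the sample are constructed.

```python
import re

# ASA prints well-known ports by name in the running config.
PORT_NAMES = {"www": 80, "https": 443}

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)")
# static (real_ifc,mapped_ifc) tcp mapped_ip mapped_port real_ip real_port netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((\S+),(\S+)\)\s+tcp\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+netmask\s+\S+")

def port(tok):
    """Turn 'www' / 'https' / '5222' into a port number."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config, acl_name):
    """Compare (mapped_ip, port) pairs permitted by acl_name with static PAT entries."""
    permits, statics = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m and m.group(1) == acl_name:
            permits.add((m.group(2), port(m.group(3))))
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.add((m.group(3), port(m.group(4))))
    return {
        "permit_without_static": sorted(permits - statics),  # open in ACL, nothing behind it
        "static_without_permit": sorted(statics - permits),  # translated but not permitted
    }

# Constructed sample configuration (documentation/private addresses).
SAMPLE = """\
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq https
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq www
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 5222
access-list FDLE_access_in extended permit tcp any host 203.0.113.10 eq 5223
static (BOCC,FDLE) tcp 203.0.113.10 www 10.0.0.20 www netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 https 10.0.0.20 https netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 5222 10.0.0.20 5222 netmask 255.255.255.255
static (BOCC,FDLE) tcp 203.0.113.10 8080 10.0.0.20 8080 netmask 255.255.255.255
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "FDLE_access_in"))
```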
01-06-2010 06:17 AM
Dear Renato
Thank you for answering my question. As I am only a neophyte working with ASA devices I may need further explanation on what to do.
01-06-2010 06:36 AM
Walker
Am I right in saying that you need to open ports on the ASA going out from the BOCC N/W to the FDLE N/W?
BR
01-06-2010 07:26 AM
I need to open ports in the ASA so FDLE N/W apps will run correctly on the BOCC N/W.