05-21-2013 06:43 AM - edited 03-11-2019 06:46 PM
I was hoping to get a little assistance in opening a port through our ASA 5510. I need to allow a tcp connection for IP 65.74.157.196 on port 5223 through our firewall to the subnet 10.1.12.0/24.
In the GUI, I created an access rule on our Outside interface with the source of 65.74.157.196 and the destination of 10.1.12.0/24 with the Service set to tcp 5223 and the Action is Permit.
Is there anything else I need to configure?
05-21-2013 02:36 PM
Hello Kevin,
That should be all. What version do you have?
Can you run a packet tracer?
packet-tracer input Outside tcp 65.74.157.196 1025 10.1.22.5 5223
Regards,
Felipe.
05-22-2013 05:23 AM
We are running 8.2.
This is what I have:
ACL
access-list Outside-ISP1_access_in extended permit tcp host RemoteServerIP any 5223
NAT
static (Inside,Outside-ISP1) tcp interface 5223 10.1.12.55 5223 netmask 255.255.255.255
10.1.12.55 is the inside address the remote server needs to communicate with on 5223
I attached an image of the Packet Tracer results.
05-22-2013 09:17 AM
You need to allow the connection to the public IP; in this case it seems like that is the ASA's outside interface IP. However, you have "any" as the destination, which should allow it.
Seems like there is a typo in the ACL; you are missing "eq":
access-list Outside-ISP1_access_in extended permit tcp host RemoteServerIP any eq 5223
Has the ACL already been applied with the access-group command?
Regards,
Felipe.
05-22-2013 09:58 AM
Sorry, I have an object defined for the server and the port. Below is the actual command that was entered.
access-list Outside-ISP1_access_in extended permit tcp host Geotrax_Jabber any object-group jabber_ssl
05-23-2013 01:34 PM
That should do it, as long as the object jabber_ssl has TCP port 5223.
Regards,
Felipe.
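The three pieces this thread checks (a static PAT for the port, an ACL permit whose port may be resolved through an object-group, and the access-group binding) can be audited offline. This is an added Python example, not part of the original posts; the sample config is constructed from the commands quoted above, and the object-group body, the access-group line and the helper name `check_inbound` are assumptions.

```python
import re

# Constructed ASA 8.2-style config built from the commands quoted in the thread.
# Assumptions: the object-group body and the access-group line are never shown there.
SAMPLE = """\
object-group service jabber_ssl tcp
 port-object eq 5223
access-list Outside-ISP1_access_in extended permit tcp host Geotrax_Jabber any object-group jabber_ssl
static (Inside,Outside-ISP1) tcp interface 5223 10.1.12.55 5223 netmask 255.255.255.255
access-group Outside-ISP1_access_in in interface Outside-ISP1
"""

def check_inbound(config, iface, port):
    """Hypothetical helper: list what is missing for inbound TCP `port` on `iface`."""
    lines = config.splitlines()
    groups, current = {}, None
    for ln in lines:  # collect the numeric ports of each tcp service object-group
        if m := re.match(r"object-group service (\S+) tcp", ln):
            current = groups.setdefault(m.group(1), set())
        elif current is not None and (m := re.match(r"\s+port-object eq (\d+)", ln)):
            current.add(int(m.group(1)))
        else:
            current = None  # left the object-group block
    # ACL names applied inbound on the interface
    bound = {m.group(1) for ln in lines
             if (m := re.match(rf"access-group (\S+) in interface {re.escape(iface)}$", ln))}
    # ACLs whose permit line ends in "eq <port>" or in an object-group containing it
    permitting = set()
    for ln in lines:
        m = re.match(r"access-list (\S+) extended permit tcp .* "
                     r"(?:eq (\d+)|object-group (\S+))$", ln)
        if m:
            ports = {int(m.group(2))} if m.group(2) else groups.get(m.group(3), set())
            if port in ports:
                permitting.add(m.group(1))
    # static PAT that publishes the port on this interface
    pat = any(re.match(rf"static \(\S+,{re.escape(iface)}\) tcp \S+ {port} \S+ \d+ ", ln)
              for ln in lines)
    problems = []
    if not pat:
        problems.append("no static PAT for port")
    if not permitting:
        problems.append("no ACL permits port")
    elif not permitting & bound:
        problems.append("ACL not applied with access-group")
    return problems

if __name__ == "__main__":
    print(check_inbound(SAMPLE, "Outside-ISP1", 5223) or "all three pieces present")
```

The checker only understands numeric ports and the line shapes shown in the sample; named ports and port ranges are not handled.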