03-16-2010 10:28 PM - edited 03-11-2019 10:22 AM
Hi,
I need to open a port so that one of our users can access an application externally which uses port 6999.
How would I open the port so that the user can access the server using port 6999?
Thanks
SZ
03-16-2010 10:55 PM
Hi,
Is the user trying to access this application from outside your network? If yes, write an extended ACL and apply that ACL to your outside interface:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]
Example:
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
Regards
Karuppu
03-16-2010 10:59 PM
Hi,
No the user is inside the network (LAN).
How do I enable any user or IP on the lan to access that port.
Thanks
03-16-2010 11:28 PM
Hi,
What is the source IP and where does it reside (inside your firewall or outside)?
What is the destination IP and where does it reside (inside your firewall or outside)?
I am not able to understand your question...
Regards
Karuppu
03-17-2010 05:56 PM
Hi
Do you have an update on this issue?
Thanks
Sam
03-17-2010 06:16 PM
Hi,
If you are using Cisco firewalls PIX515/525/533 or ASA then the default rule is that everything is permitted from a high security level interface (inside) to a low security level interface (outside). No need to add any access list to access anything from your inside to outside.
But you should have a proper NAT configuration in your firewall.
If you need more help, then paste your running configuration.
Regards
Karuppu
03-18-2010 05:44 PM
01-06-2020 05:32 AM
Hi,
I have a requirement for port opening. The customer only shared the info below:
Connect24 : 172.192.x.x Port : 1756
WEB service : 172.192.x.x Port : 2556
How can I do this from ASDM?
03-16-2010 11:31 PM
Hi,
I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall
example any ip 192.168.0.1/24 to access ip 61.x.x.x on port 6999.
I also need to set up RDP to IP 192.168.0.254, which resides inside the firewall.
The IP of the firewall is 192.168.0.x
Thanks
03-18-2010 06:57 PM
To make your 192.168.0.254 accessible via RDP you need to configure a static:
1. static (inside,outside) tcp interface 3389 192.168.0.254 3389 netmask 255.255.255.255
2. Also provide permission via an ACL on the outside interface to allow traffic destined to your interface IP.
"I want any IP on the LAN which is behind the firewall to access an IP 64.x.x.x outside the firewall
example any ip 192.168.0.1/24 to access ip 61.x.x.x on port 6999."
For the above you don't need anything if you do not have an inside access-list applied IN on the inside interface. If you do have an ACL applied on the inside interface then you need to permit this flow:
access-list inside-acl per tcp any ho 61.x.x.x eq 6999
-KS
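The reply above depends on two things: whether an ACL is bound inbound on the inside interface at all, and which entry matches first. The following is an added example, not code from the thread: a small Python checker that reports which line decides a TCP flow. It assumes a constructed config (the ACL contents and the server address 203.0.113.50 are placeholders) and handles only numeric `eq` ports with `any`, `host`, or address/mask entries.

```python
import ipaddress

# Constructed sample config, not taken from the thread; 203.0.113.50 is a placeholder server.
SAMPLE_CONFIG = """\
access-list inside-acl extended permit tcp 192.168.0.0 255.255.255.0 any eq 80
access-list inside-acl extended permit tcp 192.168.0.0 255.255.255.0 any eq 443
access-list inside-acl extended deny tcp any any
access-list inside-acl extended permit tcp any host 203.0.113.50 eq 6999
access-group inside-acl in interface inside
"""

def _addr(tokens):
    """Consume one address spec (any | host IP | IP MASK) and return it as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse(config):
    """Return ({acl_name: [(action, src, dst, port_or_None)]}, {interface: acl_name})."""
    acls, bound = {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-group"] and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
        elif t[:1] == ["access-list"] and t[2:3] == ["extended"] and t[4:5] == ["tcp"]:
            rest = t[5:]
            src, dst = _addr(rest), _addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None  # numeric ports only
            acls.setdefault(t[1], []).append((t[3], src, dst, port))
    return acls, bound

def check_flow(config, interface, src_ip, dst_ip, dst_port):
    """First-match verdict for a TCP flow entering `interface` (inside-to-outside case)."""
    acls, bound = parse(config)
    if interface not in bound:
        # Matches the thread: with no inbound ACL, inside-to-outside traffic is allowed.
        return "permit", "no ACL bound inbound on this interface"
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, (action, s, d, port) in enumerate(acls.get(bound[interface], []), 1):
        if src in s and dst in d and port in (None, dst_port):
            return action, f"matched line {n} of {bound[interface]}"
    return "deny", "implicit deny at end of ACL"
```

In the constructed config the permit for port 6999 sits below a `deny tcp any any`, so it is never reached; on the device itself, `show access-list` hit counts show the same thing.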
03-18-2010 07:11 PM
Hi,
I am a novice when it comes to Cisco. What command(s) do I need to type to set the RDP access up?
Thanks
Sam
03-23-2010 05:20 AM
Hi,
I tried the command suggested, "access-list inside-acl per tcp any ho 58.96.29.214 eq 6999", but still the software can't connect to the server (on the internet) using port 6999.
Any other suggestions?
Regards,
Sam
09-30-2024 11:19 PM - edited 09-30-2024 11:21 PM
Hi Sam
To allow external access to an application running on port 6999, you need to configure NAT and an Access Control List to permit the incoming traffic on port 6999. Please follow the syntax below and replace the IPs accordingly as per your network setup. The NAT rule will map incoming traffic on the ASA’s public IP address to the internal server.
ciscoasa(config)# object network obj-server
ciscoasa(config-network-object)# host 192.168.1.100
ciscoasa(config-network-object)# nat (inside,outside) static interface service tcp 6999 6999
! This object NAT syntax is ASA 8.3 or later, where interface ACLs match the real (inside) address of the server
ciscoasa(config)# access-list outside_access_in extended permit tcp any host 192.168.1.100 eq 6999
ciscoasa(config)# access-group outside_access_in in interface outside
ciscoasa(config)# write memory
Test and let me know if you need anything else.