10-23-2012 09:04 AM - edited 03-11-2019 05:12 PM
Hi Everyone,
If I need to open a specific port on the ASA so that it allows traffic for it.
What are the different ways to open a port using the CLI?
Thanks
Mahesh
10-23-2012 10:40 AM
Hello,
Just use an ACL, and if NAT is required then just configure the right port-forwarding rule or NAT statement.
Regards,
10-23-2012 10:49 AM
Hi,
Thanks for the reply.
Can you please give a generic example config that shows how to open a port with or without NAT?
Regards
Mahesh
10-23-2012 11:00 AM
Hello Mahesh,
Let's say you have an internal host 192.168.12.2 that needs to be accessed on port 80 from the outside world.
We will use the outside interface (public IP) to access it.
So the configuration on ASA 8.2 will be:
! static PAT: mapped address and port (outside interface, 80) first, then the real host and port
static (inside,outside) tcp interface 80 192.168.12.2 80 netmask 255.255.255.255
! permit TCP 80 to the outside interface address, then bind the ACL inbound on outside
access-list outside_in permit tcp any interface outside eq 80
access-group outside_in in interface outside
Now let's see it in a scenario where no NAT is needed:
We already have an internal server with a public IP address 2.2.2.2, and that one needs to be accessed on port 80.
! no NAT rule is required for traffic to pass
no nat-control
access-list outside_in permit tcp any host 2.2.2.2 eq 80
access-group outside_in in interface outside
So basically, if we already have an IP that is routable over the Internet, NAT will not be needed!
Remember to rate all of the answers that help (if you need assistance on how to rate a post, just let me know)
Julio
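Added example, not part of the posts above and not Cisco tooling: a simplified Python check that reads ASA 8.2-style lines and lists which ports the inbound ACLs open, flagging entries whose source is `any`, and which static port forwards have no matching permit. The sample config is constructed (the 443 forward is hypothetical) and uses the 8.2 `static` order of mapped address and port first, then the real host; only `eq` port matches and host, interface or `any` destinations are handled.

```python
import re

# Constructed sample in ASA 8.2 syntax: both cases from the thread,
# plus a hypothetical 443 forward that no ACL entry permits.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 80 192.168.12.2 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.12.2 443 netmask 255.255.255.255
access-list outside_in extended permit tcp any interface outside eq 80
access-list outside_in extended permit tcp any host 2.2.2.2 eq 80
access-group outside_in in interface outside
"""

# The running config prints some well-known ports by name.
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "www": 80, "https": 443}
STATIC_RE = re.compile(r"^static \(([\w-]+),([\w-]+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) (interface [\w-]+|host \S+|any|\S+ \S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface ([\w-]+)")

def port_number(token):
    return PORT_NAMES.get(token) or int(token)

def audit(config):
    """Return (opened, unmatched): permits in ACLs bound inbound to an interface,
    and static port forwards whose mapped port none of those permits covers."""
    lines = [line.strip() for line in config.splitlines()]
    bound = {m.group(1): m.group(2) for m in map(GROUP_RE.match, lines) if m}
    opened = []
    for m in filter(None, map(ACE_RE.match, lines)):
        acl, proto, src, dst, port = m.groups()
        if acl in bound:  # only ACLs applied with access-group filter interface traffic
            opened.append({"interface": bound[acl], "proto": proto, "dest": dst,
                           "port": port_number(port), "any_source": src == "any"})
    unmatched = []
    for m in filter(None, map(STATIC_RE.match, lines)):
        _, mapped_if, proto, mapped_ip, mapped_port, real_ip, real_port = m.groups()
        # Pre-8.3 ACLs match the mapped (public) address, not the real one.
        dest = f"interface {mapped_if}" if mapped_ip == "interface" else f"host {mapped_ip}"
        if not any(o["interface"] == mapped_if and o["proto"] == proto
                   and o["dest"] in (dest, "any") and o["port"] == port_number(mapped_port)
                   for o in opened):
            unmatched.append((proto, mapped_ip, port_number(mapped_port), real_ip))
    return opened, unmatched

if __name__ == "__main__":
    opened, unmatched = audit(SAMPLE_CONFIG)
    for o in opened:
        note = "  <-- reachable from any source" if o["any_source"] else ""
        print(f"{o['interface']}: {o['proto']}/{o['port']} to {o['dest']}{note}")
    for proto, ip, port, real in unmatched:
        print(f"static {proto}/{port} -> {real} has no matching permit")
```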
10-23-2012 11:32 AM
Hi Julio,
Thanks again
Regards
Mahesh
10-23-2012 11:35 AM
Hello,
My pleasure to help
Julio