Solved

need help to Forward range of Ports to an internal IP, i have only ever done a single port  e.g SMTP before

Posted on 2008-10-10
3
203 Views
Last Modified: 2010-08-05
Hi

We have a single small network of 1 subnet prtoected by a ASA 5505 firewall, i need to forward a range of ports to a AV box TCP 3230 - 3243 and UDP 3230 - 3285

normally i use the command below to open a signle port like RDP or SMTP however i dont know how to do it for a range of ports, im hoping its not one line at a time.

static (inside,outside) tcp interface 25 10.0.0.1 25 netmask 255.255.255.25

Could someone show me the command

Thanks
0
Comment
Question by:ncomper
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22687801
you need to allow the range and do a static for EVERY port. :(
0
 
LVL 10

Accepted Solution

by:
stsonline earned 500 total points
ID: 22725010
Unfortunately you cannot forward a range of ports - what you need to do is assign the AV box a static NAT, then create a set of access rules allowing the port ranges in. For example, assume you have 12.34.56.78 available as a useable NAT and the AV box has an IP address of 192.168.1.2 on the inside interface. First create the NAT:

static (inside,outside) 12.34.56.78 192.168.1.2 netmask 255.255.255.255

Then create access rules:

access-list outside_acl extended permit tcp any host 12.34.56.78 range 3230 3243
access-list outside_acl extended permit udp any host 12.34.56.78 range 3230 3385

If you don't want to allow ANY source, replace the 'any' with the proper IP addresses. That should do it.
0
 
LVL 5

Author Comment

by:ncomper
ID: 22725721
Thanks

Ive done it similar to that in the fact i have done a static mapping with one of our spare public IP's, however i actually entered the access list lines in on a line line by line basis for each port so i have about 70 lines in there,
I think i will take them out and replace them with the 2 lines above.

Thanks

Nick
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now