Solved

need help to Forward range of Ports to an internal IP, i have only ever done a single port  e.g SMTP before

Posted on 2008-10-10
3
232 Views
Last Modified: 2010-08-05
Hi

We have a single small network of 1 subnet prtoected by a ASA 5505 firewall, i need to forward a range of ports to a AV box TCP 3230 - 3243 and UDP 3230 - 3285

normally i use the command below to open a signle port like RDP or SMTP however i dont know how to do it for a range of ports, im hoping its not one line at a time.

static (inside,outside) tcp interface 25 10.0.0.1 25 netmask 255.255.255.25

Could someone show me the command

Thanks
0
Comment
Question by:ncomper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22687801
you need to allow the range and do a static for EVERY port. :(
0
 
LVL 10

Accepted Solution

by:
stsonline earned 500 total points
ID: 22725010
Unfortunately you cannot forward a range of ports - what you need to do is assign the AV box a static NAT, then create a set of access rules allowing the port ranges in. For example, assume you have 12.34.56.78 available as a useable NAT and the AV box has an IP address of 192.168.1.2 on the inside interface. First create the NAT:

static (inside,outside) 12.34.56.78 192.168.1.2 netmask 255.255.255.255

Then create access rules:

access-list outside_acl extended permit tcp any host 12.34.56.78 range 3230 3243
access-list outside_acl extended permit udp any host 12.34.56.78 range 3230 3385

If you don't want to allow ANY source, replace the 'any' with the proper IP addresses. That should do it.
0
 
LVL 5

Author Comment

by:ncomper
ID: 22725721
Thanks

Ive done it similar to that in the fact i have done a static mapping with one of our spare public IP's, however i actually entered the access list lines in on a line line by line basis for each port so i have about 70 lines in there,
I think i will take them out and replace them with the 2 lines above.

Thanks

Nick
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA ISP failover 3 30
Palo Alto site-to-site vpn monitoring 5 49
CISCO wireless controller & AP 2 35
pfsense upgrade from 2.2.6 to 2.3.3 28 21
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question