How to open ports for eMule Cisco ASA 5505

Posted on 2009-02-15
Last Modified: 2012-05-06
I can't open tcp 4662 port in my new firewall Cisco ASA 5505. I wish to permit the traffic from the outside to one pc on my lan. The pc Ip on the lan is and I wish to open port 4662 TCP.
I have use these:

access-list outside_access_in extended permit tcp host interface outside eq 4662
static (inside,outside) tcp interface 4662 4662 netmask
but the mule dosen't work.

this is now my running-config on cisco

Firewall# sh running-config
: Saved
ASA Version 8.0(4)3
hostname Firewall
enable password Nhcxxt5YNCRoLPm9 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan2
 nameif outside
 security-level 0
 ip address
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
access-list acl_icmp extended permit icmp any any
access-list outside_access_in extended permit tcp host interface outsid
e eq 4662
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) tcp interface 4662 4662 netmask

access-group acl_icmp in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address inside
dhcpd dns interface inside
dhcpd enable inside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
: end

Question by:Dampyr
    LVL 79

    Accepted Solution

    >access-list acl_icmp extended permit icmp any any
    >access-list outside_access_in extended permit tcp host interface outside eq 4662
    >access-group acl_icmp in interface outside

    Modify these as follows:

    access-list outside_access_in permit tcp any interface outside eq 4662
    access-list outside_access_in permit icmp any any echo-reply
    access-list outside_access_in permit icmp any any unreachable
    access-group outside_access_in in interface outside
    LVL 57

    Expert Comment

    by:Pete Long
    wold it not be better to
    policy-map global_policy
     class inspection_default
      inspect icmp
    and not bother with
    access-list outside_access_in permit icmp any any echo-reply
    access-list outside_access_in permit icmp any any unreachable
    LVL 79

    Expert Comment

    Supposedly same result, but I've seen different results in different versions of PIX/ASA code. "old school" always works.  Keeping me on my toes, mate!


    Author Comment

    No, whith this configuration emule doesn't work. I have always  ID down
    i don't know what i must do......
    LVL 79

    Expert Comment

    Maybe you want to open UDP 4672 also?

    static (inside,outside) udp interface 4672 4672 netmask
    access-list outside_access_in permit udp any interface outside eq 4672
    LVL 57

    Expert Comment

    by:Pete Long
    >>Keeping me on my toes, mate
    LOL, no - just wanted to know what you thought :)

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now