Opening Ports on a Cisco ASA 5510

JPBI asked:

Trying to access a program and our firewall is not allowing us to connect. According to this company's tech support team, I need to open up ports 1550 - 1599 and 7676.

I am pretty inexperienced with firewalls, so any help you can provide would be appreciated.

We are running a Cisco ASA 5510 (Cisco ASDM 6.2)

Thanks!
MikeKane:

Are you on the inside trying to get out, or are you on the outside trying to get to an internal host?  

What is the IP of the host?  

If it's an internal host, do you have a block of IPs from your ISP or just 1?   If 1, is it static?  

Can you post a sanitized config from the ASA?
JPBI (asker):
I need to allow an outside program in through our firewall. I do not know the IP of the host; their tech support didn't seem to think that was important. He just mentioned opening the ports I listed. We have an IP block and I'm not sure what a sanitized config is.

I've created a new TCP Service group for ports 1550-1599 and 7676 and attached them to a rule for the IP address of the user that needs access to the application, but we are still unable to connect.
Ernie Beek:
Can't add anything to that :)

Though (if it's from the outside to the inside) it would be easier if you had an extra public IP.
Did you also add the ports to be NATted from the outside to the inside?
Depends a bit on what version you have; if it's <8.3 you'd be using:
static (inside,outside) etc.
JPBI (asker):
No, I have not done anything with NAT. I'm a bit over my head here. I was honestly just guessing when creating the service groups.
What version does the PIX have?
The steps to allow inbound traffic:

1) Create a Static NAT or a Port Forward from the public IP to the internal host IP.  
2) Create an Access list on the outside interface to allow the traffic to pass.
3) Apply the Access list to the interface with the Access-group command....  

The exact commands depend on your ASA version, pre or post 8.3. A sanitized config would help a lot here.
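The three steps above, together with the `static (inside,outside)` form Ernie Beek mentioned earlier in the thread, written out as a complete pre-8.3 configuration. This is an added example, not configuration posted in the thread or taken from Cisco's linked document. Everything specific in it is an assumption: the addresses come from the RFC 5737 documentation ranges, the interface names (`inside`/`outside`) and access-list name are mine, and the ports are treated as TCP because the asker built a TCP service group.

```cisco
! Added example for ASA 8.2(2) (pre-8.3 NAT syntax). All addresses are assumptions:
!   203.0.113.10  = one unused public IP from the ISP block (RFC 5737 doc range)
!   192.168.1.50  = the internal host the vendor's program must reach (assumed)
!   1550-1599/tcp and 7676/tcp = the ports the vendor asked for (assumed TCP)

! 1) Static one-to-one NAT: packets arriving on "outside" for 203.0.113.10
!    are translated to 192.168.1.50 on "inside" (and the reverse on the way out).
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255

! 2) Access list for the outside interface. On pre-8.3 code the ACL is checked
!    BEFORE NAT un-translates the destination, so it must name the PUBLIC address,
!    not the inside address. Only the required ports are opened.
access-list outside_access_in extended permit tcp any host 203.0.113.10 range 1550 1599
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 7676

! 3) Bind the access list inbound on the outside interface. Everything not
!    explicitly permitted above is still dropped by the implicit deny.
access-group outside_access_in in interface outside
```

Two caveats a practitioner would want. First, once the vendor gives you the source address their service connects from, replace `any` in both permit lines with `host <vendor-ip>` so the forwarded ports are not reachable from the whole Internet. Second, if the ASA is ever upgraded to 8.3 or later, both halves change: NAT is written with `object network` statements, and the access list is then evaluated after NAT, so it must reference the real inside address (192.168.1.50 here) instead of the public one. In either case `show logging` (or the ASDM log window, as MikeKane suggests below) shows the deny messages for any connection that is still being dropped, along with the rule that dropped it.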

JPBI (asker):
Pix 506E - is that what you are asking?
JPBI (asker):
What is a sanitized config and I'll see if I can figure it out...

We are pre-8.3 ... 8.2(2) is what it says in the About tab, ASDM version 6.2(5) as well.
In the ASDM under Tools there is the Command Line tool. If you issue 'wr t' (without the quotes) it should come back with the config. Mask sensitive info like public IPs, usernames, etc. and then post it here.
JPBI (asker):
Man that file is huge. I also don't know what needs to be masked and what doesn't. Can you tell me exactly what you are looking for by chance?
The config of:
-the outside interface
-access list for the outside interface
-'static' commands
Oh, and the inside ip address where it (the program) needs to connect to.
JPBI (asker):
I can't really identify those configs enough to feel comfortable posting any information. Sorry about that, thanks for the help though.
This is a pretty old example, but might help you out:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

Use that example, just change the port number from 25 to the ports you need.   Then try the connection.    If it fails, you can do a SHOW LOGGING or watch the ASDM log window for Drops.   The log should give you a clue as to what's being dropped and why.   We can help diagnose further.
JPBI (asker):
Created a new service and attached it to a new access rule and it worked. Thanks for the input!
Glad it's working.... Anything else we can answer, then?
JPBI (asker):
All set - thanks
ASKER CERTIFIED SOLUTION: MikeKane