Allowing a range if IP addresses through an ASA using ASDM

Posted on 2013-06-18
Medium Priority
Last Modified: 2013-07-03
Hello Experts,
I’m sure this is a lame rookie question, but I’m a total Cisco ASA rookie, so I’m going to ask it any ways.  We have a Cisco 5520 at work.  Some users are trying to test new software and things are not working.  I have contacted the vendor and they have said we need to open five different ranges of IP addresses.  I don’t know how to do this.  I’m using the Cisco ASDM because I can’t seem to find any of the access rules in the Cisco cli.
Here is what I think I need to do (again, this is from within the ASDM (sorry about that)):
1.      Create a new network object group that contains the IP ranges that the vendor said I need to allow through our firewall
2.      Go to the Advanced ¿ ACL Manager
3.      Create a new rule in the from_out section where the source is the group I created in step 1 and the destination is any.

Does this sound about right?

As always,
Question by:ndalmolin_13
LVL 20

Accepted Solution

rauenpc earned 2000 total points
ID: 39257188
The configuration all depends on how traffic will flow, and not just the endpoints. Try to draw us a picture if you could. Also add in who will start the conversations so for example the average user will communicate with the internet but people on the internet should never be able to directly connect to that user. Likewise, a web server might need general access to the internet AND allow random internet users to connect directly to it on ports 80 and 443.

This explanation will help us help you.

Author Comment

ID: 39257304
We have users that are going to log into Skillsoft.com (which I believe is a web-based training site).  When they try to log in, the connection just stalls at the login screen.  I have contacted their support and sent them logs regarding our Java installation.  They have come back and asked that I open the following IP address on our firewall: – – – – –

I hope this helps.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question