Solved

Allowing a range if IP addresses through an ASA using ASDM

Posted on 2013-06-18
2
339 Views
Last Modified: 2013-07-03
Hello Experts,
I’m sure this is a lame rookie question, but I’m a total Cisco ASA rookie, so I’m going to ask it any ways.  We have a Cisco 5520 at work.  Some users are trying to test new software and things are not working.  I have contacted the vendor and they have said we need to open five different ranges of IP addresses.  I don’t know how to do this.  I’m using the Cisco ASDM because I can’t seem to find any of the access rules in the Cisco cli.
Here is what I think I need to do (again, this is from within the ASDM (sorry about that)):
1.      Create a new network object group that contains the IP ranges that the vendor said I need to allow through our firewall
2.      Go to the Advanced ¿ ACL Manager
3.      Create a new rule in the from_out section where the source is the group I created in step 1 and the destination is any.

Does this sound about right?

As always,
Nick
0
Comment
Question by:ndalmolin_13
2 Comments
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
Comment Utility
The configuration all depends on how traffic will flow, and not just the endpoints. Try to draw us a picture if you could. Also add in who will start the conversations so for example the average user will communicate with the internet but people on the internet should never be able to directly connect to that user. Likewise, a web server might need general access to the internet AND allow random internet users to connect directly to it on ports 80 and 443.

This explanation will help us help you.
0
 
LVL 1

Author Comment

by:ndalmolin_13
Comment Utility
We have users that are going to log into Skillsoft.com (which I believe is a web-based training site).  When they try to log in, the connection just stalls at the login screen.  I have contacted their support and sent them logs regarding our Java installation.  They have come back and asked that I open the following IP address on our firewall:

209.235.8.1 – 209.235.9.254
209.235.10.1 – 209.235.10.62
209.46.44.1 – 209.46.45.254
216.205.88.1 – 216.205.91.254
216.245.129.113 – 216.245.129.118


I hope this helps.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Find VLAN ID's 6 39
Cisco switch SVI 17 39
Cisco Sup720 Migrate to Sup2T 5 35
Use Cisco IP phone with Avaya IP office 3 25
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now