  • Status: Solved

Need help allowing traffic through on an ASA 5510 to TCP ports that are not preconfigured

Hello. I do not see how to add new TCP ports that are not on the preconfigured list to an ASA 5510 via ASDM. I need to allow traffic through to a specific IP on ports 8000 and 10554. I see there's an ADD function, but am not sure how to fill that screen in for these. Looking for some guidance. Thanks
Asked by: Damian_Gardner
 
aleghart commented:

Configuration > Firewall > Objects > Service Objects/Groups


Add > IP Service Object

Name:  Project_ABC_8000 (can't use spaces)
Service Type: tcp (usually for applications...or udp...you should know).
Destination Port Range: 8000
Source Port Range: (default/blank)
Description: port 8000 for Project ABC http (or whatever protocol it is)

Add > IP Service Object

Name:  Project_ABC_10554
Service Type: tcp
Destination Port Range: 10554
Source Port Range: (default/blank)
Description: port 10554 for Project ABC management (or whatever protocol it is)

Hit the [Apply] button.  These new service objects will not exist until you hit [Apply].  This is the number one mistake with custom services.

Add > IP Service Group

Group Name: Project_ABC_service_group
Description: custom ports for Project ABC

Choose your two new service objects and move them to the right side (Members in Group) with the [Add>>] button.
Choose pre-defined 'ICMP 4 echo' and [Add>>].  This will let you ping the target during troubleshooting.  You can always remove it later.
[OK]
[Apply]

Choose any one of these methods to save:
Hit the floppy-disk icon.
File > Save Running Configuration to Flash.
Hit Control-S.

Now, you only need to reference this service group.  You can stack up dozens of pre-defined or custom services.  You can also nest other service groups inside of a service group.

So, if you have a group made for HTTP(s) services, and another for FTP(s) services, and a third for custom HTTP ports...you can create a service group called "Project_XYZ_public_services" that includes those other groups...plus ICMP 4 echo for ping.
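The ASDM steps in the answer above correspond to the following ASA CLI configuration, shown as an added example that is not part of the original thread. It assumes ASA software 8.3 or later (where `object service` is available); the ACL name `outside_access_in`, the interface name `outside` and the address `192.0.2.10` are placeholders, not values from the thread.

```cisco
! Added example, entered from global configuration mode (configure terminal).
! Object and group names match the ones used in the ASDM walkthrough.

object service Project_ABC_8000
 service tcp destination eq 8000
 description port 8000 for Project ABC
!
object service Project_ABC_10554
 service tcp destination eq 10554
 description port 10554 for Project ABC
!
object-group service Project_ABC_service_group
 description custom ports for Project ABC
 service-object object Project_ABC_8000
 service-object object Project_ABC_10554
 ! ICMP echo is only here for troubleshooting; remove it once testing is done.
 service-object icmp echo
!
! Reference the group in the inbound ACL. The destination is limited to the
! single target host (placeholder 192.0.2.10) instead of "any", so the new
! ports are opened only toward that one address.
access-list outside_access_in extended permit object-group Project_ABC_service_group any host 192.0.2.10
!
! Needed only if the ACL is not already bound to the interface (placeholder
! interface name "outside").
access-group outside_access_in in interface outside
!
! Equivalent of ASDM's "Save Running Configuration to Flash".
write memory
```

On 8.3 and later the access list matches the host's real address rather than its translated one, so the placeholder stands for the server's real IP.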
 
Damian_Gardner (author) commented:
Aleghart - thanks for your help.  I will try this.