Solved

Need help allowing traffic through on an ASA 5510 to TCP ports that are not preconfigured

Posted on 2014-10-01
Last Modified: 2014-10-23
Hello.  I do not see how to add new TCP ports that are not on the preconfigured list, to an ASA 5510, via ASDM.  I need to allow traffic through to a specific IP on ports 8000, and 10554.  I see there's an ADD function, but am not sure how to fill that screen in for these.  Looking for some guidance.  Thanks
Question by:Damian_Gardner
2 Comments

Accepted Solution

by:
aleghart earned 2000 total points
ID: 40356288

Configuration > Firewall > Objects > Service Objects/Groups


Add > IP Service Object

Name:  Project_ABC_8000 (can't use spaces)
Service Type: tcp (usually for applications...or udp...you should know).
Destination Port Range: 8000
Source Port Range: (default/blank)
Description: port 8000 for Project ABC http (or whatever protocol it is)

Add > IP Service Object

Name:  Project_ABC_10554
Service Type: tcp
Destination Port Range: 10554
Source Port Range: (default/blank)
Description: port 10554 for Project ABC management (or whatever protocol it is)

Hit the [Apply] button.  These new service objects will not exist until you hit [Apply].  This is the number one mistake with custom services.

Add > IP Service Group

Group Name: Project_ABC_service_group
Description: custom ports for Project ABC

Choose your two new service objects and move them to the right side (Members in Group) with the [Add>>] button.
Choose pre-defined 'ICMP 4 echo' and [Add>>].  This will let you ping the target during troubleshooting.  You can always remove it later.
[OK]
[Apply]

Choose any one of these methods to save:
Hit the floppy-disk icon.
File > Save Running Configuration to Flash.
Hit Control-S.

Now, you only need to reference this service group.  You can stack up dozens of pre-defined or custom services.  You can also nest other service groups inside of a service group.

So, if you have a group made for HTTP(s) services, and another for FTP(s) services, and a third for custom HTTP ports...you can create a service group called "Project_XYZ_public_services" that includes those other groups...plus ICMP 4 echo for ping.
0
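For reference, the ASDM steps in the accepted answer correspond roughly to the following ASA CLI configuration, including the access rule that references the service group. This is an added example, not part of the original posts. It assumes ASA software 8.3 or later (where `object service` exists), an inbound ACL named `outside_access_in` on an interface named `outside`, and the placeholder addresses 192.0.2.10 (internal host) and 198.51.100.5 (test source); substitute your own values.

```text
! Custom service objects (same names as in the answer above)
object service Project_ABC_8000
 service tcp destination eq 8000
 description port 8000 for Project ABC
object service Project_ABC_10554
 service tcp destination eq 10554
 description port 10554 for Project ABC
!
! Service group holding both custom ports plus ICMP echo for troubleshooting
object-group service Project_ABC_service_group
 description custom ports for Project ABC
 service-object object Project_ABC_8000
 service-object object Project_ABC_10554
 service-object icmp echo
!
! Reference the group in the access rule. The ACL name and the destination
! host are assumptions. On 8.3 and later the ACL matches the real
! (untranslated) address of the internal host, not its NAT address.
access-list outside_access_in extended permit object-group Project_ABC_service_group any host 192.0.2.10
!
! Only needed if the ACL is not already bound to the interface:
! access-group outside_access_in in interface outside
!
! Verify the rule without sending live traffic, then check hit counts
packet-tracer input outside tcp 198.51.100.5 12345 192.0.2.10 8000
packet-tracer input outside tcp 198.51.100.5 12345 192.0.2.10 10554
show access-list outside_access_in
!
! Once troubleshooting is done, drop ping from the group
object-group service Project_ABC_service_group
 no service-object icmp echo
!
! Equivalent of File > Save Running Configuration to Flash
write memory
```

Where the senders are known, replacing `any` with a specific source network keeps the two ports from being reachable by every host that can route to the interface.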
 

Author Comment

by:Damian_Gardner
ID: 40357100
Aleghart - thanks for your help.  I will try this.
0
