jamiegf
asked on
cisco firewall asdm - need to allow a port on an IP address
Hi there.
I'm using the asdm (version 5) of a Cisco ASA 5520 firewall.
I am trying to allow any external IP address to access a server on port 8172.
I already have a NAT rule to translate from the external IP address (1.2.3.4) to the internal one (192.168.1.10); this works fine for accessing port 80 etc. from the outside world.
What steps do I need to take? I have tried adding access rules to allow this port, but I still can't telnet there.
Also, do I need to do anything with port forwarding or is this not relevant for the above?
ASKER
NAT rules only specify IP addresses.
I have tried adding security policies and also editing pre-existing Service Groups to include my port number, but I still cannot telnet to the port.
I have tested the other ports which work and do not work; these are behaving correctly.
I have also tried adding different protocols / ports, but anything I add doesn't seem to come into effect.
Did you check that the port is open on the server?
ASKER
Hi Asavener. Yes, I forgot to mention that. Windows firewall is turned off.
ASKER
"Can you successfully telnet to the port when you're inside the network?"
No, I couldn't, which told me the app is not working as it should.
I set up a website and gave it port 8172 to test my firewall rules; it works fine.
Thanks for your help Asavener :)
If your NAT rules specify port numbers, then you need to add a NAT rule for the new port in addition to editing the ACL.
If your NAT rules only specify IP addresses, then editing the ACL should be enough to allow the traffic.
And make sure that the port is actually active on the server, and is not blocked by a local firewall. If it's a Windows box, run netstat -ano | find ":<port>" to see if the server is listening on the correct port. Then check the Windows firewall.
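The two cases Asavener describes, written out in ASA CLI as an added example (not configuration from the original thread or from the asker's firewall). It assumes the pre-8.3 NAT syntax that ASDM 5 / ASA 7.x used, where the outside-facing ACL matches the translated (public) address; the interface names, the ACL name outside_access_in and the test source address 203.0.113.5 are assumptions. The packet-tracer check at the end exists from ASA 7.2 onward.

```cisco
! ---- Case 1: one-to-one static NAT (IP only) ----
! The static maps every port of 1.2.3.4 to 192.168.1.10, so no per-port
! NAT entry is needed; the inbound ACL alone decides which ports are reachable.
static (inside,outside) 1.2.3.4 192.168.1.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq www
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 8172
access-group outside_access_in in interface outside

! ---- Case 2: static PAT (port-specific translations) ----
! Each published port has its own static, so adding only the ACL line for 8172
! is not enough: an 8172 static must be added alongside the existing www one.
static (inside,outside) tcp 1.2.3.4 www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp 1.2.3.4 8172 192.168.1.10 8172 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq www
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 8172
access-group outside_access_in in interface outside

! ---- Check from the ASA itself (ASA 7.2+) ----
! Simulates an outside client (assumed address 203.0.113.5) hitting 1.2.3.4:8172
! and reports which phase (ACL, NAT, ...) drops the packet, if any.
packet-tracer input outside tcp 203.0.113.5 40000 1.2.3.4 8172 detailed
```

If packet-tracer reports ALLOW and the connection still fails, the firewall is no longer the suspect and the listener on 192.168.1.10 should be checked next, which is exactly where the thread ended up.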