How to open port for inbound traffic on ASA 5505 (8.2)

I want to allow a port on ASA 5505 (8.2) from outside.
I created this ACL for this.
access-list outside_access_in extended permit tcp any interface outside eq 10200 log

access-group outside_access_in in interface outside

But it doesn't work.
Please help.

Thanks
Rashad Mehmood Asked:

Joseph Hornsey, President and Janitor, Commented:
You need to specify which address internally is receiving that traffic.
0
Joseph Hornsey, President and Janitor, Commented:
I'm not sure about 8.2... but this is how you do this currently (I can go back and look at some of my old configs if this doesn't work and give you the correct syntax):

Create a network object for the private server address:

object network Private.Server 
 host 192.168.1.1


Create a network object for the public server address:

object network Public.Server
 host 1.2.3.4


Add the entry to your ACL:

access-list Inbound.Traffic extended permit tcp any object Private.Server eq 10200 log


Create a static mapping:

object network Private.Server
 nat (inside,outside) static Public.Server


Apply the access list to your interface:

access-group Inbound.Traffic in interface outside


I'll go look and see if that's the case for 8.2.  I don't think it is... I think 8.3 was the big version upgrade that changed everything.
0
Joseph Hornsey, President and Janitor, Commented:
Actually, for 8.2 it was different.  No network objects.

So, do this:

Create your ACL for the public IP address:

access-list MainACL extended permit tcp any host 1.2.3.4 eq 10200 log


Create the static mapping:

static (inside,outside) 1.2.3.4 192.168.1.1 netmask 255.255.255.255


Apply the ACL to your outside interface:

access-group MainACL in interface outside


That should work.  Let me know.
0


Rashad Mehmood (Author) Commented:
Thanks, Joseph, for the reply.
Where can I specify the internal address receiving this address?

internet------------->[90.81.41.9]ASA[192.168.0.1]-----------------[192.168.0.11] Local machine.

My internal address is 192.168.1.10/24.

Where do I have to specify this address?

I would be grateful for a reply.
0
Joseph Hornsey, President and Janitor, Commented:
For your particular configuration:

access-list MainACL extended permit tcp any host 90.81.41.9 eq 10200 log

static (inside,outside) 90.81.41.9 192.168.0.11 netmask 255.255.255.255

access-group MainACL in interface outside


In the future, it's highly recommended you don't publish information specific to your network.

Give this a shot and let me know how it goes.
0
Rashad Mehmood (Author) Commented:
I do take care of this... these are not real IPs.

I applied the configuration, but upon configuring line 3, I get the following error.

static (inside,outside) 90.81.41.9 192.168.0.11 netmask 255.255.255.255

ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
0
Rashad Mehmood (Author) Commented:
Thanks, I got the solution.
I used the following command for NAT and it worked for me.
static (inside,outside) tcp interface 1020 192.168.0.11 10200 netmask 255.255.255.255


Really appreciate your help.
0
Joseph Hornsey, President and Janitor, Commented:
My pleasure... sorry I missed the syntax on that command.  It's been years and years since I looked at 8.2.  :)
0
Joseph Hornsey, President and Janitor, Commented:
Gave the information needed for author to find solution.
0
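
Added example, not part of the thread or of any Cisco tooling: a small Python check for ASA 8.2-style configuration text that pairs every inbound "permit tcp" entry of an applied ACL with the static NAT/PAT line that gives it an inside destination, and reports entries that have none (the situation in the original question). The sample configuration is constructed, 192.0.2.10 is a placeholder address, and the function name audit is an assumption of this example; only the command forms shown in the thread are parsed.

```python
import re

# Constructed sample in ASA 8.2 syntax; 192.0.2.10 is a documentation placeholder.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any interface outside eq 10200 log
access-list outside_access_in extended permit tcp any host 192.0.2.10 eq 443
static (inside,outside) tcp interface 10200 192.168.0.11 10200 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp any "
                    r"(?:interface (\S+)|host (\S+)) eq (\d+)")
# Static PAT: static (real_if,mapped_if) tcp <mapped> <mapped_port> <real_ip> <real_port>
PAT_RE = re.compile(r"^static \(\w+,(\w+)\) tcp (\S+) (\d+) (\S+) (\d+)")
# Static NAT: static (real_if,mapped_if) <mapped_ip> <real_ip>
NAT_RE = re.compile(r"^static \(\w+,(\w+)\) ([\d.]+) ([\d.]+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return (acl, dest, port, forwarded_to) per inbound permit; None = no translation."""
    bound, statics, permits = {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)
        elif m := PAT_RE.match(line):
            mapped_if, mapped, mapped_port, real_ip, real_port = m.groups()
            statics.append((mapped_if, mapped, mapped_port, f"{real_ip}:{real_port}"))
        elif m := NAT_RE.match(line):
            statics.append((m.group(1), m.group(2), None, m.group(3)))
        elif m := ACL_RE.match(line):
            permits.append(m.groups())
    findings = []
    for acl, iface, host, port in permits:
        if acl not in bound:
            continue  # ACL is defined but not applied with access-group
        dest = "interface" if iface else host
        target = None
        for mapped_if, mapped, mapped_port, real in statics:
            # 8.2 ACLs are written against the mapped (public) address and port
            if mapped_if == bound[acl] and mapped == dest and mapped_port in (None, port):
                target = real if mapped_port else f"{real}:{port}"
        findings.append((acl, dest, int(port), target))
    return findings


if __name__ == "__main__":
    for acl, dest, port, target in audit(SAMPLE_CONFIG):
        print(f"{acl}: tcp/{port} to {dest} ->", target or "NO STATIC TRANSLATION")
```

An ACL entry written with the interface's literal IP address is not matched against a static that uses the "interface" keyword, because the check does not read interface addressing.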

Question has a verified solution.
