Cisco Firewall :: Opening Ports On 5505?
Jan 2, 2013
I am trying to configure a new 5505 but I am having difficulties opening ports that allow traffic in from the outside. My setup is Comcast Business Modem (w/ single static IP) -> ASA (10.0.0.1) -> (dumb) Switch -> NAS (10.0.0.10). I am attemping to open port 5001 to the NAS. I am very new to IOS so I have mostly been working in ASDM. Not sure if I am overcomplicating this for myself or what but I am stuck.
My running config is -
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
[Code].....
View 4 Replies
ADVERTISEMENT
Jun 20, 2011
I am trying to open up 3 TCP ports in Cisco ASDM Launcher:
16000
16001
8098
And have a Cisco ASA 5505 Router. I need these ports open in order for a software that I have installed on the server to communicate with my local client computers for my business, The software is installed on Windows 2008 Server Standard Edition and was installed with MicrosoftSQL 2005. The software and Microsft SQL 2005 is pretty much installed and just requires this last step in order for the server to be connected to the local computers. In order to resolve this, I have gone to.
View 1 Replies
View Related
Feb 25, 2011
I am used to setting up access-lists on outside interfaces with ip addresses that are static. I have recently been given a site that is using a dyndns.org client for name to ip address resolution on an outside interface that is dhcp assigned. I created an access-list to open up ports 41794 and 41795 to an engineering application but everytime I try to connect from the outside I get a syn timeout. The application works when inside the lan. Basically I want to allow outside connections from anywhere on the outside to go to ports 41794 and 41795. I am running a Cisco ASA 5505 on version 7.2(4) Below is my conifg. what I may have misconfigured?
: Saved:ASA Version 7.2(4)!names!interface Vlan1 nameif inside security-level 100 ip address 172.31.2.1 255.255.255.0!interface Vlan2 nameif outside security-level 0 ip address dhcp setroute!interface Ethernet0/0 switchport access vlan 2!interface
[Code].....
View 5 Replies
View Related
Apr 24, 2012
We have a DVR here at work that has a web interface on port 100. From our internal network we just use http:192.168.100.40:100. What is the best way to set that up on cisco 5510 firewall. I have cisco asdm and set a access rule: enabled=checked ; source=any ; destination= 192.168.100.40 ; service= tcp 100 ; action=permit. It shows a couple of hits when I go to [URL]
View 7 Replies
View Related
Oct 2, 2012
I need to open some outbound ports in order for our CCTV company to receive alarms from our internal CCTV Machine.
The ip addresses of the company who access the CCTV are as follows:
213.130.134.56
81.130.198.97
The above are fixed IP addresses. The internal machine is on 192.168.204.170
The outbound ports that I need to open are the following:
TCP
21
23
80
5201
UDP
1025
2074
2075
I have access to the current config if needs be.
View 8 Replies
View Related
Nov 7, 2011
We have just acquired a cisco profile 42 video conferencing equipment and am required to open ports for SIP and H232, any pointers on hw that can be acquired i have a cisco ASA 5510, Some one told me to open port 16384 but i need pointers on how to do it becuase I already set an access list to any.
the config
Internet -> ASA 5510 -> Switch -> Profile 42 and other devices
View 5 Replies
View Related
Apr 5, 2012
my friend was against a wall trying to update her office's system, and it seems like every Cisco person in the region has gone on vacation.For some sort of new system her office is getting, she was told that she needed to enable NAT with external IP xxx.xxx.xxx.14 (The ASA's IP is xxx.xxx.xxx.11) and internal IP xxx.xxx.xxx.58 and that port 8222 needs to be open. I know this is sort of vague, but it's what she was given, and I know the 8222 port is very specific in function,?
At any rate, the best I could come up with was to run:
static (inside,outside) xxx.xxx.xxx.58 xxx.xxx.xxx.14 netmask 255.255.255.255
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq www
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq https
access-list inbound extended permit tcp any host xxx.xxx.xxx.11 eq 8222
access-list inbound extended permit udp any host xxx.xxx.xxx.11 eq 8222
access-group inbound in interface outside
But after I inserted this, she did what she was supposed to be able to do (went home and tried to run some sort of remote installation file) and it didn't work...
View 8 Replies
View Related
Jun 9, 2013
We have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?
View 3 Replies
View Related
Oct 16, 2012
I have been asked to open some ports in order for a CCTV company to connect to an internal CCTV server on our LAN.
We have a Pix running PIX Version 6.3(5) I am ok configuring an ASA for the above but not a Pix.
View 2 Replies
View Related
Apr 20, 2012
What I'm trying to do is to get my Xbox connected to the internet through my router (wired connection), but I want to have my NAT open also. But when I put in a static IP into the Xbox manually and open the ports in my router, it makes it so my Xbox can't connect to Xbox Live at all. Although, if I just leave it to the automatic setting on my Xboxs network options, I can connect just fine. But, I end up having a strict NAT type, unless I restore to factory defaults in the networking options on the Xbox.
View 2 Replies
View Related
Jan 16, 2013
how can I open my port 80, 5000, and 22 in my modem.
View 1 Replies
View Related
Mar 23, 2012
I need opening up some ports for a sftp client at work. software version 8.0 (3) device manager version 6.1 (1)
View 4 Replies
View Related
Jan 25, 2013
I've had this router for a few months after my last one died and I'm now completely unable to port forward. I follow all the steps to port forward but alas the port is still closed every single time. I've tried a few fixes in the past including disabling UPnP, using those auto port forwarding programs, and creating an exception for the port in my fire wall. Nothing has worked!
View 14 Replies
View Related
May 25, 2012
I just purchased a cisco ea4500 I have set up port forwarding for http, https, rdp. however when I run zenmap and port check it fails says port in use. I have set it up in sigle port forwarding, rang and port trigging. I tried RDP and VPN to machine that is hard wired and it fails as well. My windows server is connected as well however RDP fails on there to
View 9 Replies
View Related
Apr 15, 2013
We have a client that is running a PC on a internet over satellite. To avoid any unessecery traffic over the satellite link (data traffic is quite expensive), we've suggested to use a 5505, as we had one handy already.
So basically what we wanted was to block everything outgoing and everything ingoing, except for example port 22 (ssh).
But I'm struggling a bit, since this is my first cisco router to be configured.
My interfaces are as follows.
Outside - DHCP
Inside (port 1) - 192.168.1.1
I'm only running ipv4.
in ASDM I made a static NAT rule for port 22, being forwarded to 192.168.1.5 (the computer)
in Access rules I made under outside (incomming rules) source=any destination=outside service=ssh action=permit
But when I try to add further rules to block everything else, it takes the SSH on port 22 with it. How should I do this the easiest way?
the hardware setup is pretty straight forward.
sat-terminal(with IP 192.168.0.1 running DHCP) -> 5505 (outside IP=DHCP - inside IP=192.168.1.1) -> computer (IP=192.168.1.5)
View 24 Replies
View Related
May 31, 2011
I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address translatetion for my internal clients.
Now i wanna setup a FTP server, on a internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/nat device.
I need 50 ports for the passive mode to be running.
I will use port range 50000-50050. I can easy make a firewall rule (access-list) that permit that port range.
But how do I PAT(NAT) a port-range on the ASA device? I can only figure out how to NAT one port at the time.
View 2 Replies
View Related
May 9, 2013
I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR. This is all new for me. I see several posts for other software version to do this same thing but my version appears to be older?
View 1 Replies
View Related
Nov 7, 2011
I need to forward some ports for remote desktop and remote outlook which I host on an internal server. I have looked all over the web and got close, but no hints on how to do it in the asa 8.2. there is an 8.3 guide, but it is just different enough to not work. I am new to this device and cli.
View 3 Replies
View Related
May 12, 2012
Any simple way of opening ports on a 1841 router.I have a working config for internet traffic. I am looking to boot up my Windows Server and Run IIS.
View 1 Replies
View Related
Mar 10, 2011
I've installed XAMPP on one of my Vista computers, and intend to use it as a server. The internal IP address of the server is A.B.C.D. The internal IP address of the DIR-615 is A.B.C.E. whatsmyip.com says that external address of the server is F.G.H.I (and so is everything else inside my network). I have Filezilla listening on port 21. I've turned Windows Firewall completely off on the server, and my ISP (Time Warner / Road Runner) says that they never block any port.I tried going to the DIR-615 using Port Forwarding, and set ports 21 & 90 to forward to A.B.C.D, for both UDP & TCP, Allow All, Always. That didn't work.I tried going to the DIR-615 using Virtual Server. I set a virtual server on port 21 to A.B.C.D, for both UDP & TCP, Allow All, Always. It made me turn off Port Forwarding, and it wouldn't let me use both 21 & 90 on the same rule, so made two rules. That didn't work either.
I tried setting A.B.C.D as a DMZ host. That still didn't work.I can ftp connect into A.B.C.D from one of the other computers in the network. People outside the network can't connect to F.G.H.I. I can't connect to F.G.H.I. from inside the network. The same is true of Apache (but ports 80, 81 & 443), Ventrilo (but ports 3784 & 6100) and MySQL (but port 3306). I figure that FTP is the easiest to test, so I've been just trying to get that to work.In FileZilla Server Options, I am bound to *, I have no filters, and my passive mode is set to "Retrieve external IP"As far as I can tell, if I've ruled out anything inside my network (by connecting internally), and I've ruled out my ISP (they don't block), then it must be the router. I think I've done port forwarding according to [URL], and it seems like it should be easy, but I've been trying forever and I can never get it to work.
View 3 Replies
View Related
Dec 27, 2011
I'm trying to get the silly iTunes Wi-Fi sync to work , and I've been told to ensure that these ports are open:5297 TCP 5298 TCP/UDP and 5353 UDP in the hardware router. How do I do this with the DIR-655 (HW version A3, FW version 1.35NA)?
View 1 Replies
View Related
Dec 4, 2012
I have a Belkin F5D8233-4v3 N Wireless Router. To get the wireless Directv connection, directv told me I have to get 2 ports open on my router.1701 and LT2P.
View 1 Replies
View Related
May 5, 2013
I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly.
[code]....
View 5 Replies
View Related
Aug 7, 2011
When I do an NMAP scan against my ASA 5505 on it's internal interface's IP address, it appears to be listening on all TCP ports. If I do it from across a VPN tunnel, the ports show as open according to NMAP, if I do the scan from the local subnet they show up as unknown. I'm running 8.0.4 code on this ASA.
View 1 Replies
View Related
May 14, 2012
We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.
View 1 Replies
View Related
Mar 11, 2011
I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1). The outside interface is configured with a single static address. I have a few services port forwarded sucessfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside. It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP. I entered a range of ports for the real port and the mapped port using the syntax 60000-60999. ASDM accepted it, but the NAT rule list displays "Any" in the service column. When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
^
ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network? I'd like to use ASDM, but I can switch to the CLI if that works better.
View 3 Replies
View Related
Nov 20, 2011
I have a cable modem hooked up to a Linksys WRT54G2 wireless router, which is hardwired to the computer I use.
I go into the router's menu by going through the standard 192.168.1.1 in the browser, and then go to Applications and Gaming. The port I am trying to open is port 25565 for both TCP and UDP. In the Start and End ports I put 25565, and for the end of the IP Address, I put the last digits of my IPv4 address (10). I used a couple of port checker tools, and it is reporting as still being closed.
View 9 Replies
View Related
Oct 21, 2011
I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.
View 1 Replies
View Related
Oct 12, 2011
How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.
View 1 Replies
View Related
Jun 22, 2011
I'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.
View 7 Replies
View Related
Jan 16, 2013
We have a client that has a Cisco 1801W Firewall that is setup as a site to site VPN terminating to a Cisco ASA 5505. The tunnel is up and established, I can ping from both sides of the tunnel.
The problem is the clients behind the Cisco ASA (192.168.2.x) cannot reach certain ports behind the Router (192.168.1.x). The main thing we're trying to do is browse via UNC path (ex: \192.168.1.120 from a 192.168.2.x machine).
I got 3389 working after I changed the - ip nat inside source static tcp 192.168.1.120 3389 y.y.x.x 3389 route-map DM_RMAP_1 extendable Modified the command to include the public IP instead of interface FastEthernet0
I believe it has something to do with the way NAT and route-maps are setup currently but I'm not familar enough with them to make the changes. I worked with Cisco to ensure the VPN tunnel was fine and it's something security related on the Router.
Here is the configuration (removed a few lines not necessary. y.y.x.x = WAN IP of Router x.x.y.y = WAN IP of ASA).
Building configuration...
Current configuration : 23648 bytes
!
version 12.4
no service pad
[Code].....
View 1 Replies
View Related
Jun 21, 2011
I'm having an issue on my Pix 501- ver. 6.3(5) firewall when host 192.168.1.2 accessing any website, no website is opening and when i issue command sh xlate so don't see anything and i think i must enable natting on this firewall as same as on ASA nat-control
[code]....
View 5 Replies
View Related
Jan 23, 2013
Where a 5510 running 7.2.4 code and being accessed via a web browser, stops initializing the main window at 87%?We can access the box via telnet and the CPU is running at 5%. The other error message is a warning the our OS is not supported by ASDM and we may encounter problems running the application.
View 3 Replies
View Related
