Add allow rule via ASDM on ASA 5510


  • Add allow rule via ASDM on ASA 5510

    Hi,
    I am new to this forum. I recently started a new job and they have an ASA 5510. I have never used this device before. We are upgrading our spam filter software and it will require us to create an allow rule to allow outbound traffic to *.mail-filters.com on port 25080. How would I go about doing this?

    I have found information on allowing certain IP addresses but cannot find out how to do this by port number. I do not want to wreck the infrastructure here considering I am the new guy.

    P.S. The person who set this entire network up no longer works here and left no documentation.

    I appreciate any help you can give me.

    Thank you.

  • #2
    Re: Add allow rule via ASDM on ASA 5510

    Hmm, never used the ASDM but may be able to do this from command line if you fancy a shot?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: Add allow rule via ASDM on ASA 5510

      Sure I can give it a shot from the command line.



      • #4
        Re: Add allow rule via ASDM on ASA 5510

        Can you try telnetting to the box first to see if we have access?
        If that doesn't work download PuTTY (LINK)
        and try connecting to 22 (SSH).
        You should be prompted for a login.
        cheers
        Andy



        • #5
          Re: Add allow rule via ASDM on ASA 5510

          I can telnet into it.



          • #6
            Re: Add allow rule via ASDM on ASA 5510

            Splendid, I'm conscious I don't want to be too basic but you can use
            Code:
            enable
            show run
            to show the current config.

            As this is Inside going Outside then we need to see what access-lists you have setup to stop traffic outbound.
            Can you see anything starting access-list?
            If you want you can post them here or PM me. If posting then change any external IP addresses just to make sure.
            cheers
            Andy



            • #7
              Re: Add allow rule via ASDM on ASA 5510

              I will pm you Andy
              Last edited by greenmind; 17th April 2009, 13:28. Reason: Just in case they were live addresses



              • #8
                Re: Add allow rule via ASDM on ASA 5510

                Sorry, there is a bit more too!
                Press space or enter to get more onscreen.
                cheers
                Andy



                • #9
                  Re: Add allow rule via ASDM on ASA 5510

                  I will pm you



                  • #10
                    Re: Add allow rule via ASDM on ASA 5510

                    Hi,
                    I've had a look through the config and, assuming I didn't miss something whilst pasting them all together, then there appears to be no access-lists bound to the internal interface. The PIX/ASA allow all traffic from high security to low security assuming there is a way to get there. I would imagine based on this that it should already be working. You could try telnet to see if you get a response?

                    I would suggest at some point that an ACL is setup to block at least port 25 traffic outbound though.
                    cheers
                    Andy



                    • #11
                      Re: Add allow rule via ASDM on ASA 5510

                      Thank you Andy. How would I set up an ACL to block port 25 traffic outbound?



                      • #12
                        Re: Add allow rule via ASDM on ASA 5510

                        There would probably be one host that you want to allow out so something like
                        Code:
                        access-list inside_out permit tcp host 10.0.0.2 any eq smtp
                        access-list inside_out deny tcp any any eq smtp
                        access-list inside_out permit ip any any
                        access-group inside_out in interface inside
                        The basics are:
                        Line 1: permit tcp port 25 traffic from 10.0.0.2 to any external IP address.
                        Line 2: deny tcp port 25 from every other host to any external IP address.
                        Line 3: allow all other traffic to pass.
                        Line 4: The access list has to be bound to an interface. This line basically says bind access-list "inside_out" to the inside interface inbound.

                        Obviously you could restrict more, for example add in allow udp 53 to certain servers only, allow http to certain hosts or only from certain hosts, deny ftp etc.
                        Access-Lists are read top down so if it matches then the traffic is processed.
                        cheers
                        Andy

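Added example (not code from the thread, from Andy, or from Cisco): a small Python first-match evaluator for access-list lines in the form posted above. It parses the three lines from this post, walks them top-down the way the ASA does once the list is bound with access-group, and falls through to the implicit deny at the end when nothing matches, which is why line 3 (permit ip any any) is needed at all. The outside address 203.0.113.10, the extra inside host 10.0.0.7 and the port 25080 flow are constructed inputs; ACL entries match on addresses, not hostnames, so the *.mail-filters.com destination from the question is represented by an IP. The parser only handles the host/any/network-mask address forms and the eq port qualifier used in this thread.

```python
"""First-match evaluator for Cisco ASA/PIX style extended access-lists.

Added example, not code from the thread or from Cisco. It models the
top-down, first-match behaviour of an ACL bound with access-group,
including the implicit deny at the end of every ACL.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the access-list lines from the post above, verbatim.
ACL_TEXT = """\
access-list inside_out permit tcp host 10.0.0.2 any eq smtp
access-list inside_out deny tcp any any eq smtp
access-list inside_out permit ip any any
"""

# Port keywords the ASA accepts in place of numbers (subset).
PORT_NAMES = {"smtp": 25, "domain": 53, "www": 80, "https": 443,
              "ftp": 21, "ssh": 22, "telnet": 23}


@dataclass
class Ace:
    """One access-control entry; None for a port means 'any port'."""
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]


def _parse_addr(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D MASK' starting at tok[i]."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # network followed by a dotted netmask, e.g. 10.0.0.0 255.255.255.0
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2


def _parse_port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    """Parse an optional 'eq <port>' qualifier starting at tok[i]."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_acl(text: str, name: str) -> List[Ace]:
    """Collect the entries of access-list <name> in the order they appear."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[1] != name:
            continue
        i = 2
        if tok[i] == "extended":     # ASA 7.x+ shows this keyword; PIX-style lines omit it
            i += 1
        action, proto = tok[i], tok[i + 1]
        src, i = _parse_addr(tok, i + 2)
        sport, i = _parse_port(tok, i)   # a port right after the source is a source port
        dst, i = _parse_addr(tok, i)
        dport, i = _parse_port(tok, i)
        aces.append(Ace(action, proto, src, sport, dst, dport))
    return aces


def evaluate(aces: List[Ace], proto: str, src_ip: str, dst_ip: str,
             dport: Optional[int], sport: Optional[int] = None) -> Tuple[str, int]:
    """Return (action, line_number) of the first matching entry.

    Line numbers count from 1. ("deny", 0) means no entry matched and the
    implicit deny at the end of the ACL applied.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, ace in enumerate(aces, start=1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if ace.sport is not None and ace.sport != sport:
            continue
        return ace.action, n
    return "deny", 0


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT, "inside_out")
    # Constructed test flows: 203.0.113.10 stands in for any outside host.
    for flow in [("tcp", "10.0.0.2", "203.0.113.10", 25),
                 ("tcp", "10.0.0.7", "203.0.113.10", 25),
                 ("tcp", "10.0.0.7", "203.0.113.10", 25080)]:
        print(flow, "->", evaluate(acl, *flow))
    # Drop line 3 and the same port-25080 flow hits the implicit deny.
    print("without line 3:", evaluate(acl[:2], "tcp", "10.0.0.7", "203.0.113.10", 25080))
```

Run it and the three flows come back as permit on line 1, deny on line 2 and permit on line 3 respectively; with only the first two entries the port-25080 flow is denied by the implicit deny, which is the mistake to watch for when you add a block rule to an interface that previously had no ACL at all.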


                        • #13
                          Re: Add allow rule via ASDM on ASA 5510

                          Thank you Andy!



                          • #14
                            Re: Add allow rule via ASDM on ASA 5510

                            No probs! Did it work how you wanted?
                            You can add additional things in as well if you want (i.e. restrict http traffic so it is only from certain hosts etc).
                            cheers
                            Andy



                            • #15
                              Re: Add allow rule via ASDM on ASA 5510

                              Is it possible to block certain websites via the ASA 5510?

