Cisco ASA Newbie question, add outbound allow rule


    Let me start off by saying I am a developer and my networking/configuration experience is minimal at best compared to you guys in these forums. Simply put, a client has a server in a hosting env that they are wanting to add to some 3rd party backup they have. So the server is behind a PIX firewall and they need the server to be able to connect to their backup server on ports 445 and 1139.
    So is adding the following to the ACL enough to accomplish this?
    access-list outside_access_in line 46 permit tcp any any eq 445
    access-list outside_access_in line 46 permit tcp any any eq 1139

    Keep in mind I have limited experience with this and just need to make this change once and then I'm back out of the network world.
    Here is the current ACL:

    access-list outside_access_in line 1 permit tcp any any eq ftp-data (hitcnt=0)
    access-list outside_access_in line 2 permit tcp any any eq ftp (hitcnt=1)
    access-list outside_access_in line 3 permit tcp any any eq ssh (hitcnt=17)
    access-list outside_access_in line 4 permit tcp any any eq 42 (hitcnt=0)
    access-list outside_access_in line 5 permit udp any any eq nameserver (hitcnt=0)
    access-list outside_access_in line 6 permit tcp any any eq domain (hitcnt=3)
    access-list outside_access_in line 7 permit udp any any eq domain (hitcnt=0)
    access-list outside_access_in line 8 permit tcp any any eq www (hitcnt=52189)
    access-list outside_access_in line 9 permit tcp any any eq pop3 (hitcnt=0)
    access-list outside_access_in line 10 permit tcp any any eq https (hitcnt=5347)
    access-list outside_access_in line 11 permit tcp any any eq 465 (hitcnt=0)
    access-list outside_access_in line 12 permit tcp any any eq 587 (hitcnt=0)
    access-list outside_access_in line 13 permit tcp any any eq 995 (hitcnt=0)
    access-list outside_access_in line 14 permit tcp any any eq 993 (hitcnt=0)
    access-list outside_access_in line 15 permit tcp any any eq 3389 (hitcnt=10)
    access-list outside_access_in line 16 permit tcp any any eq 8443 (hitcnt=980)
    access-list outside_access_in line 17 permit tcp any any eq 9999 (hitcnt=0)
    access-list outside_access_in line 18 permit tcp any any eq 2086 (hitcnt=0)
    access-list outside_access_in line 19 permit tcp any any eq 2087 (hitcnt=0)
    access-list outside_access_in line 20 permit tcp any any eq 2082 (hitcnt=0)
    access-list outside_access_in line 21 permit tcp any any eq 2083 (hitcnt=0)
    access-list outside_access_in line 22 permit tcp any any eq 2096 (hitcnt=0)
    access-list outside_access_in line 23 permit tcp any any eq 2095 (hitcnt=0)
    access-list outside_access_in line 24 deny tcp any any eq telnet (hitcnt=
    access-list outside_access_in line 25 permit tcp any any eq smtp (hitcnt=11)
    access-list outside_access_in line 26 deny tcp any any eq imap4 (hitcnt=0)
    access-list outside_access_in line 27 deny tcp any any eq 1433 (hitcnt=1029)
    access-list outside_access_in line 28 deny tcp any any eq 9080 (hitcnt=0)
    access-list outside_access_in line 29 deny tcp any any eq 9090 (hitcnt=9)
    access-list outside_access_in line 30 permit icmp any any echo-reply (hitcnt=0)
    access-list outside_access_in line 31 permit icmp any any source-quench (hitcnt=0)
    access-list outside_access_in line 32 permit icmp any any unreachable (hitcnt=20)
    access-list outside_access_in line 33 permit icmp any any time-exceeded (hitcnt=0)
    access-list outside_access_in line 34 permit tcp any any eq 3306 (hitcnt=37)
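
An added example, not part of the original post: a small audit of `show access-list` output in the format quoted above. It groups the `permit ... any any` entries by whether their hit counter shows use, which gives a review list before more any-to-any rules are appended. The function name and status labels are assumptions of this example; the sample entries are copied from the post.

```python
import re

# Address forms: "any", "host A", or "network mask" (the post only uses "any").
ADDR = r"(?:any|host\s+\S+|\S+\s+\S+)"
# One entry of the `show access-list` output format quoted in the post.
RULE = re.compile(
    r"access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+(?P<action>permit|deny)"
    rf"\s+(?P<proto>\S+)\s+(?P<src>{ADDR})\s+(?P<dst>{ADDR})"
    r"(?:\s+eq\s+(?P<port>\S+)|\s+(?P<icmp>[a-z][a-z-]*))?"
    r"(?:\s+\(hitcnt=(?P<hits>\d*)\)?)?\s*$"
)

# Sample input: entries copied from the post. Line 24 is cut off there too, and
# line 46 is one of the proposed rules, so it carries no counter.
SAMPLE = """\
access-list outside_access_in line 3 permit tcp any any eq ssh (hitcnt=17)
access-list outside_access_in line 8 permit tcp any any eq www (hitcnt=52189)
access-list outside_access_in line 13 permit tcp any any eq 995 (hitcnt=0)
access-list outside_access_in line 24 deny tcp any any eq telnet (hitcnt=
access-list outside_access_in line 27 deny tcp any any eq 1433 (hitcnt=1029)
access-list outside_access_in line 30 permit icmp any any echo-reply (hitcnt=0)
access-list outside_access_in line 46 permit tcp any any eq 445
"""

def audit(text):
    """Group permit rules with source and destination 'any' by observed usage."""
    report = {"in-use": [], "never-hit": [], "no-counter": []}
    for raw in text.splitlines():
        m = RULE.match(raw.strip())
        if not m or m["action"] != "permit":
            continue  # unparsed lines and deny rules are not reported
        if m["src"] != "any" or m["dst"] != "any":
            continue  # scoped rule: outside what this check reports
        service = m["port"] or m["icmp"] or m["proto"]
        if not m["hits"]:            # counter absent or cut off in the paste
            status = "no-counter"
        elif int(m["hits"]) == 0:    # open to everyone, matched by no traffic
            status = "never-hit"
        else:
            status = "in-use"
        report[status].append((int(m["line"]), service))
    return report

if __name__ == "__main__":
    for status, rules in audit(SAMPLE).items():
        print(status, rules)
```

A `never-hit` entry only means no match since the counters were last reset, so treat the list as candidates for review rather than as proof that a rule is unused.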