Re: Cisco ASA - opening ports/NAT rules

From: marc abel <marcabel_at_gmail.com>
Date: Thu, 6 Dec 2012 13:33:53 -0600

This really isn't CCIE study related but I'll be nice and throw you a bone.

Looking at your link, I don't think you need to allow that traffic inbound,
you need to allow your inside hosts to access their servers on those ports
outbound.

One major thing to take into consideration is the version of your ASA. Cisco
made major changes to the access-list and NAT configurations in version
8.3. So your code above would work for version 8.2 and lower but would be
incorrect for 8.3 and higher. In 8.3 and higher you would use the internal
address instead of the outside address.

You probably already have a NAT rule in place doing PAT for your inside
hosts to the outside IP. By default your inside interface allows all
traffic to lower security interfaces, so this traffic would be permitted.
Your FW guy might have changed this though. Look for an outgoing
access-list and see if it has a deny any any rule at the end. If so, I think
your rules should look something like this for version 8.3 and higher:

access-list Outgoing remark Live Meeting 2007 client ports, source is the real inside range
access-list Outgoing extended permit tcp 192.168.0.0 255.255.0.0 any eq 5061
access-list Outgoing extended permit tcp 192.168.0.0 255.255.0.0 any eq 8057
access-list Outgoing extended permit udp 192.168.0.0 255.255.0.0 any eq 3478
access-list Outgoing extended permit tcp 192.168.0.0 255.255.0.0 any range 50000 59999
access-list Outgoing extended permit udp 192.168.0.0 255.255.0.0 any range 50000 59999

You can also use the packet-tracer command to see if your hosts have the
access you expect.

Hopefully that gets you pointed in the right direction; if not, my
consulting rate is $125/hr and I accept PayPal.

-Marc

On Thu, Dec 6, 2012 at 12:55 PM, 6PE_2.0 <spycharlies_at_gmail.com> wrote:

> Hello mates, I have got a requirement to open ports on our ASA for
> Microsoft Live Meeting 2007. My ASA knowledge is very limited, and our
> firewall expert is temporarily unavailable.
>
> I have consulted Microsoft documentation, which says certain ports / IPs
> etc. need to be open:
>
> http://support.microsoft.com/kb/2312151
>
> Assuming my public IP is 1.1.1.1 and my inside range is 192.168.0.0/16.
>
> I have a rule for outside coming in with the following ...
>
> access-list outside_coming_in extended permit tcp any host 1.1.1.1 eq 5061
> access-list outside_coming_in extended permit tcp any host 1.1.1.1 eq 8057
> access-list outside_coming_in extended permit udp any host 1.1.1.1 eq 3478
> access-list outside_coming_in extended permit tcp any host 1.1.1.1 range 50000 59999
> access-list outside_coming_in extended permit udp any host 1.1.1.1 range 50000 59999
>
>
> Secondly, I know I need to permit inside going out, as well as the
> inside/outside NAT requirement. This is where I am stuck! I am currently
> going through Cisco documentation as well as online forums to give
> me leads. Any input, including links, will be appreciated.
>
> Thanks
>
> Charlie
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Marc Abel
CCIE #35470
(Routing and Switching)
Received on Thu Dec 06 2012 - 13:33:53 ART
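A small ACL evaluator, added here as an illustration and not code from either poster or from Cisco: it parses access-list lines in the form used in this thread, applies first-match-wins with the implicit deny, and its inbound_result() models the 8.3 change Marc describes (an inbound ACE is matched against the real inside address rather than the mapped outside one). The two ACLs, the 203.0.113.10 outside peer, the 192.168.10.5 real host, the 40000 ephemeral source port and all function names are constructed for the example.

```python
import ipaddress
# Constructed ACLs in this thread's form: the poster's inbound rule, and the reply's
# outbound list plus an explicit "deny any any" like the one the reply says to look for.
INBOUND = "access-list outside_coming_in extended permit tcp any host 1.1.1.1 eq 5061"
OUTGOING = """
access-list Outgoing extended permit tcp 192.168.0.0 255.255.0.0 any eq 5061
access-list Outgoing extended permit udp 192.168.0.0 255.255.0.0 any eq 3478
access-list Outgoing extended permit tcp 192.168.0.0 255.255.0.0 any range 50000 59999
access-list Outgoing extended deny ip any any
"""

def _addr(t):
    # One address spec: any | host A | A MASK. Returns (network, remaining tokens).
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1]), t[2:]
    return ipaddress.ip_network(f"{t[0]}/{t[1]}", strict=False), t[2:]

def _ports(t):
    # Optional 'eq P' (n=1) or 'range LO HI' (n=2); absent means any port. Returns ((lo, hi), rest).
    n = {"eq": 1, "range": 2}.get(t[0] if t else None, 0)
    return ((int(t[1]), int(t[n])) if n else (0, 65535)), (t[n + 1:] if n else t)

def parse_acl(text):
    # 'access-list NAME extended ACTION PROTO SRC [ports] DST [ports]' -> list of ACEs.
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2] == "extended":
            src, rest = _addr(t[5:])
            sports, rest = _ports(rest)
            dst, rest = _addr(rest)
            dports, _ = _ports(rest)
            aces.append((t[3], t[4], src, sports, dst, dports))
    return aces

def evaluate(aces, proto, src_ip, sport, dst_ip, dport):
    # First matching ACE wins; no match hits the implicit deny at the end of every ASA ACL.
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, src, (slo, shi), dst, (dlo, dhi) in aces:
        if p in ("ip", proto) and s in src and d in dst and slo <= sport <= shi and dlo <= dport <= dhi:
            return action
    return "deny"

def inbound_result(aces, proto, src_ip, mapped_dst, real_dst, dport, asa_version):
    # Before 8.3 an inbound ACE matches the mapped (outside) address; from 8.3 on, the real (inside) one.
    pre_83 = tuple(int(x) for x in asa_version.split(".")[:2]) < (8, 3)
    return evaluate(aces, proto, src_ip, 40000, mapped_dst if pre_83 else real_dst, dport)
```

The last function is why the poster's outside_coming_in rule for host 1.1.1.1 stops matching on 8.3 and higher once the destination is a real inside address, while the Outgoing list works unchanged.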