2

I need to allow traffic through TCP/1494 and TCP/2598 (inbound & outbound) to IP range 10.1.25.1 to 10.1.25.254 within a Cisco ASA 5505.

Can someone please help me with this?

Under Cisco ADSM 6.0 for ASA I can add a network object with one IP address, but not a range.

Add Network Object

Thanks!

Ash
  • 448
  • 2
  • 9
  • 31
  • first google hit, looks relevant: https://supportforums.cisco.com/thread/2042902 – Sirex Aug 05 '13 at 04:14
  • 1
    "allow inbound & outbound traffic" can you be ***much more specific*** about what you mean here? Please edit the details in and Flag the question to be re-opened. Thank you! Also see [How can I ask better questions on Server Fault](http://meta.serverfault.com/questions/3608/how-can-i-ask-better-questions-on-server-fault). – Chris S Aug 05 '13 at 04:29
  • I also come across https://supportforums.cisco.com/thread/2042902. Surely I don't have to add each IP address in as a network object one at a time?! – Ash Aug 05 '13 at 06:19
  • What version of the ASA software is this? – pauska Aug 05 '13 at 07:53
  • Cisco ASDM 6.0 for ASA. – Ash Aug 06 '13 at 00:38
  • I think you need to do some [Networking 101](http://serverfault.com/q/49765/7709) - what you're looking at there *is* a range. E.G. `10.1.25.0/255.255.255.0` is every address from `10.1.25.0` -> `192.168.10.255` – Mark Henderson Aug 06 '13 at 00:47

1 Answers1

4

Select something else than "host" when creating a network object.

Examples (from ASDM 7.1, but it's the same for ASDM 6)

Add Network Object as a different type

enter image description here

Notice that I added a network with a /24 bit (255.255.255.0) netmask instead of a range, since you already wanted to specify a full subnet. You could select range instead if you want to, but in this case it's much cleaner to use a subnet mask.

pauska
  • 19,532
  • 4
  • 55
  • 75
  • Unfortunately I don't have this option for Type, probably due to the old software / firmware (I just added a screenshot to the original post). I think this network object needs to be added via the command line perhaps, I'm just not sure how. – Ash Aug 06 '13 at 00:36
  • You do have the same type, you just have to use a different netmask. 255.255.255.0 is /24 bit (as in .1 to 254), 255.255.255.255 is /32 bit (a single host) etc. Just learn subneting and you're fine. – pauska Aug 06 '13 at 06:32