testing of asa5505 if firewall deny access from outside

Unanswered Question
May 12th, 2008
User Badges:

Hi,


I was able to setup our ASA5505. Internet modem connected to firewall (outside) and used one port for the modem and another port (outside) for the web server LAN card. The internet is passing ok from internet to our web server (second NIC of server is connected to our LAN). How do i test if the firewall actually blocks coming in?

The outside security is set at 0.


thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 05/13/2008 - 08:11
User Badges:
  • Purple, 4500 points or more

Enable debug on logging and test it with a port scan. You should see some denies.


Here's an example-


show log | i Deny


%ASA-4-106023: Deny udp src dmz:[destination IP]/53 dst outside:[source IP]/53 by access-group "dmz_inside_access"


Hope that helps

Actions

This Discussion