08-18-2008 03:24 AM - edited 03-11-2019 06:32 AM
-use the access-list permit tcp any any
That's what the security consultant told me to put at the end of the access-list, and from there find out what ports are used and convert it to a specific access-list.
QUESTION: how do I find the ports passed through the any any command?
THANKS
08-18-2008 04:17 AM
Celso,
That command overrides the deny any any rule applied to all access-lists.
You could also have:
access-list deny tcp any any log
Then when you test whatever you are testing, you will see the specific tcp src & dst port numbers in question.
You could also use what the consultant advised, with the log comment on the end, but while you are testing this comment allows ALL traffic. So say you apply this config to the outside interface: for the period of testing your firewall is just a pass-thru device, leaving you open to attack.
HTH
08-19-2008 02:01 AM
That's exactly the purpose. It will match the any any at the end of the access-list, and from that we wanted to see what these ports are that passed through and define them explicitly. Once all is explicitly defined, only then can we remove the any any. We don't want to block anything because it's on production.
08-18-2008 11:11 AM
There are two easy ways to do this. Get a full/trial version of fireplotter (fireplotter.com) and then analyze the traffic flow. It really is a wonderful software.
Otherwise get a syslog analysis tool like Sawmill and analyze the firewall's syslogs using it. Doing this manually will kill you basically :) The Cisco firewall generates a lot of logs! Or you can use a free syslog server (preferably UNIX) and 'grep' the right data out of it.
Regards
Farrukh
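The two replies above describe the same workflow: put the `log` keyword on the catch-all ACE so each match produces a syslog message, then pull the protocol and port pairs out of the syslog and turn them into explicit entries. Added here as an illustration, not code from the thread or from Cisco, is a small Python script that does that aggregation over the %ASA-6-106100 message format ("access-list NAME permitted tcp IFC/SRC(SPORT) -> IFC/DST(DPORT) hit-cnt N ..."). The log lines, the ACL name `outside_in` and the addresses (documentation ranges) are constructed for the example; the generated lines use ASA extended ACL syntax, which differs from the older PIX `access-list NAME permit ...` form used in the question.

```python
import re
from collections import Counter

# Constructed sample syslog (not from the thread). The 106100 lines are what the
# "log" keyword on an ACE produces; the 302013 line is unrelated noise that
# the parser must skip.
SAMPLE_LOG = """\
%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.7(51522) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.8(40012) -> inside/192.0.2.10(443) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.2(33001) -> inside/192.0.2.25(25) hit-cnt 1 first hit [0x2b3c4d5e, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.9(33002) -> inside/192.0.2.25(25) hit-cnt 1 first hit [0x2b3c4d5e, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.7(51600) -> inside/192.0.2.10(80) hit-cnt 1 first hit [0x3c4d5e6f, 0x0]
%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.7/51600 (203.0.113.7/51600) to inside:192.0.2.10/80 (192.0.2.10/80)
"""

# One regex for the 106100 message body; named groups keep the fields readable.
LINE_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\w+) (?P<sifc>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<difc>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_106100(text):
    """Return one dict per 106100 line; lines of other message types are ignored."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("sport", "dport", "hits"):
            d[key] = int(d[key])
        flows.append(d)
    return flows


def summarize_dst_ports(flows, acl, action="permitted"):
    """Aggregate hits by (protocol, destination host, destination port).

    The source port is ephemeral and deliberately dropped: the explicit ACE
    should key on the service being reached, not on the client's random port.
    """
    counts = Counter()
    for f in flows:
        if f["acl"] == acl and f["action"] == action:
            counts[(f["proto"], f["dst"], f["dport"])] += f["hits"]
    return counts


def generate_aces(counts, acl):
    """Emit ASA extended-ACL lines, busiest service first, for review before use."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [
        f"access-list {acl} extended permit {proto} any host {dst} eq {dport}"
        for (proto, dst, dport), _hits in ordered
    ]


if __name__ == "__main__":
    flows = parse_106100(SAMPLE_LOG)
    counts = summarize_dst_ports(flows, "outside_in")
    for (proto, dst, dport), hits in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{proto:4} {dst:16} {dport:5}  hits={hits}")
    print()
    print("\n".join(generate_aces(counts, "outside_in")))
```

Feed it a real syslog capture (`python3 script.py < asa.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and the output is a candidate list of explicit ACEs, which still wants a human pass before the trailing any any is removed. Aggregating on destination host and port, rather than on the source port, is what keeps the generated list short enough to review.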
08-19-2008 02:06 AM
Already ran some software and already gathered almost all that's needed. We are in the process of filtering and it's on production; because of that we want to put the any any so the legitimate traffic won't be blocked in the process.
From the permit any any, we wanted to dig into the traffic matches and explicitly define them in the ACE. How to dig into it is the issue here.