ports passed thru the any any command?

cfajardo1_2
Level 1

-use the access-list permit tcp any any

That's what the security consultant told me to put at the end of the access-list and from there find out what are the ports used and convert it to a specific access-list.

QUESTION: how to find the ports passed thru the any any command?

THANKS

4 Replies

andrew.prince
Level 10

Celso,

That command overrides the deny any any rule applied to all access-lists.

You could also have:-

access-list deny tcp any any log

Then when you test whatever you are testing, you will see the specific tcp src & dst port numbers in question.

You could also use what the consultant advised, with the log comment on the end, but while you are testing this comment allows ALL traffic... so say you apply this config to the outside interface, for the period of testing your firewall is just a pass-thru device, leaving you open to attack.

HTH

That's exactly the purpose. It will match the any any at the end of the access-list and from that, we wanted to see what are these ports that passed thru and define it explicitly. Once all is explicitly defined then only we can remove the any any. We don't want to block any coz it's on production...

Farrukh Haroon
VIP Alumni

There are two easy ways to do this. Get a full/trial version of fireplotter (fireplotter.com) and then analyze the traffic flow. It really is a wonderful software.

Otherwise get a syslog analysis tool like Sawmill and analyze the firewall's syslogs using it. Doing this manually will kill you basically :) The Cisco firewall generates a lot of logs! Or you can use a free syslog server (preferably UNIX) and 'grep' the right data out of it.

Regards

Farrukh
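As an added illustration of the "grep the right data out of the syslog server" approach (example code, not part of this thread or of any Cisco tool): the script below reads access-list hit messages logged with the `log` keyword, tallies the permitted flows by protocol, destination host and destination port, and renders each observed flow as a candidate explicit ACE. The sample lines are constructed for the example; their layout is assumed to follow the ASA/PIX `%ASA-6-106100` access-list message format, and the `outside_in` ACL name and addresses are made up.

```python
import re
import sys
from collections import Counter

# Constructed sample syslog lines (values made up). Their shape is assumed to
# match the ASA/PIX 106100 "access-list ... permitted/denied" message; the
# 302013 line is included to show that unrelated messages are ignored.
SAMPLE_SYSLOG = """\
Mar 10 10:01:02 fw01 %ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.5(51234) -> inside/10.0.0.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Mar 10 10:01:05 fw01 %ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.9(40211) -> inside/10.0.0.10(443) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
Mar 10 10:01:07 fw01 %ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.2(33001) -> inside/10.0.0.20(25) hit-cnt 1 first hit [0x1a2b3c4e, 0x0]
Mar 10 10:01:09 fw01 %ASA-6-106100: access-list outside_in permitted udp outside/198.51.100.2(33002) -> inside/10.0.0.30(53) hit-cnt 1 first hit [0x1a2b3c4f, 0x0]
Mar 10 10:01:11 fw01 %ASA-6-106100: access-list outside_in denied tcp outside/192.0.2.77(60001) -> inside/10.0.0.10(22) hit-cnt 1 first hit [0x1a2b3c50, 0x0]
Mar 10 10:01:12 fw01 %ASA-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.10/443 (10.0.0.10/443)
"""

# One regex does the job of "grep": only 106100 lines match, and the named
# groups pull out the fields an explicit ACE needs.
LOG_RE = re.compile(
    r"%ASA-6-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<sif>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_hits(text, acl=None, action="permitted"):
    """Yield one dict per 106100 line whose ACL name and action match."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an access-list hit message
        if acl is not None and m.group("acl") != acl:
            continue
        if m.group("action") != action:
            continue
        yield m.groupdict()


def summarize_flows(text, acl=None, action="permitted"):
    """Count hits per (proto, dst host, dst port).

    Source ports are ephemeral and deliberately not part of the key, so the
    resulting ACE keeps 'any' on the source side and pins down only the
    service actually being reached."""
    counter = Counter()
    for hit in parse_hits(text, acl, action):
        counter[(hit["proto"], hit["dst"], hit["dport"])] += int(hit["hits"])
    return counter


def suggest_aces(text, acl_name, action="permitted"):
    """Return (candidate ACE, observed hits) pairs, busiest flow first.

    The ACE text uses ASA extended ACL syntax; each line is a suggestion to
    review against what the service owner expects, not config to paste blindly."""
    suggestions = []
    for (proto, dst, dport), hits in summarize_flows(text, acl_name, action).most_common():
        ace = f"access-list {acl_name} extended permit {proto} any host {dst} eq {dport}"
        suggestions.append((ace, hits))
    return suggestions


if __name__ == "__main__":
    # Usage: python acl_hits.py [syslog file]; falls back to the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SYSLOG
    for ace, hits in suggest_aces(text, "outside_in"):
        print(f"{hits:6d}  {ace}")
```

Run it against the raw syslog file the firewall sends to the UNIX box, and it prints the busiest permitted flows first; anything that shows up only as `denied` stays out of the suggestions, which is the point of reviewing hits before tightening the list.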

Already ran some software and already gathered almost all needed. We are in the process of filtering and it's on production. Because of that we want to put the any any so the legitimate traffic won't be blocked in the process.

From the permit any any, we wanted to dig into the traffic match and explicitly define it on the ACE. How to dig into it is just the issue here.
