11-08-2008 01:14 PM - edited 03-11-2019 07:10 AM
Hi,
I'm using nmap and Nessus to port scan the external-facing IP range of my ASA. When I port scan the "outside" IP, my syslog server fills up with deny errors, which is great. However, I have other external IPs which are NAT'd to webservers on my Cisco 3750, which is trunked off the ASA, and these never appear in the syslog server.
It could be just my understanding, but the firewall's ACLs/ACEs are doing all the blocking, so shouldn't the denies be appearing in the ASDM console or syslog server saying they have denied access from a remote IP? It only shows the firewall's "outside" interface IP.
My "outside" interface is simply connected to our ISP's Cisco Internet router and we have 20 public IPs to assign to various roles like webserver etc.
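As an added illustration (not part of the thread or any poster's config), a small Python script that tallies the ASA's ACL-deny syslog messages (%ASA-4-106023) per destination address, so you can see which of your public IPs actually produced deny records during a scan and which produced none. The log lines are constructed, and the IP addresses and ACL name are assumptions.

```python
import re
from collections import Counter, defaultdict

# ASA ACL deny message (%ASA-4-106023). The field layout follows the documented
# format; the sample lines below are constructed, not taken from the thread.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[\w-]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))? '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed syslog excerpt: three denies against one public IP, and one
# connection build (302013) towards a NAT'd webserver that produced no deny.
SAMPLE_LOG = """\
Nov  8 13:10:01 fw %ASA-4-106023: Deny tcp src outside:203.0.113.9/41022 dst outside:198.51.100.1/22 by access-group "outside_access_in" [0x0, 0x0]
Nov  8 13:10:01 fw %ASA-4-106023: Deny tcp src outside:203.0.113.9/41023 dst outside:198.51.100.1/23 by access-group "outside_access_in" [0x0, 0x0]
Nov  8 13:10:02 fw %ASA-6-302013: Built inbound TCP connection 12 for outside:203.0.113.9/41024 (203.0.113.9/41024) to inside:10.1.1.5/80 (198.51.100.5/80)
Nov  8 13:10:02 fw %ASA-4-106023: Deny udp src outside:203.0.113.9/53000 dst outside:198.51.100.1/161 by access-group "outside_access_in" [0x0, 0x0]
"""


def parse_denies(log_text):
    """Return one dict per 106023 line; other message IDs are ignored."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := DENY_RE.search(line))]


def denies_per_destination(events):
    """Denied packets per destination IP, plus the distinct ports probed."""
    count = Counter(e["dst"] for e in events)
    ports = defaultdict(set)
    for e in events:
        if e["dport"]:
            ports[e["dst"]].add(int(e["dport"]))
    return count, {dst: sorted(p) for dst, p in ports.items()}


def unlogged_targets(events, scanned_ips):
    """Public IPs you scanned that never appeared as a deny destination.
    Compare these against the connection-build messages (302013/302015)
    before concluding whether the traffic was permitted or just not logged."""
    seen = {e["dst"] for e in events}
    return sorted(set(scanned_ips) - seen)


if __name__ == "__main__":
    evts = parse_denies(SAMPLE_LOG)
    print(denies_per_destination(evts))
    print(unlogged_targets(evts, ["198.51.100.1", "198.51.100.5"]))
```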
11-08-2008 09:17 PM
Hi, please try to add ICMP inspection in default_inspection.
Ray
11-09-2008 12:01 AM
Hello,
This is what I already have:
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http
  inspect ils
  inspect pptp
  inspect icmp
  inspect icmp error
11-09-2008 12:07 AM
Can you please post your conf?
11-09-2008 12:17 AM
What parts do you need, as I have to rename so much for security reasons?
Do you think the ASA should be picking up these port scans which are "aimed" at other devices, which go through the ASA?
11-09-2008 12:28 AM
It depends on your configuration, on what you have allowed or denied. Please post your conf; you can hide or change details.