06-30-2009 03:40 PM - edited 03-04-2019 05:17 AM
Hi Friends,
Is there any way to check the open ports for hosts on the ASA?
If I have opened port 443 for some IP addresses attached to the PIX, would it be possible for me to check the access to ports from those IP addresses from the ASA directly?
Thanx in Advance!
06-30-2009 04:06 PM
Hi,
You want to find the open ports on the ASA. Is that correct?
If you have the configuration for the ASA with you, that makes it easy. If not, but you still want to find the open ports, then run a scan (TCP & UDP) from outside (to find ports opened from outside).
hth
MS
**Rate helpful posts**
06-30-2009 04:13 PM
mvsheik123,
Lemme give you an example.
Suppose I have 10.10.10.10 and 10.10.10.20 attached to an ASA.
I have opened port 443 for both of them to an external IP say : 204.13.25.36.
I am logged into the ASA and I want to check whether my configuration is correct or not.
Indirectly, I want to check the connection from 10.10.10.10 and 10.10.10.20 to 204.13.25.36 via port 443 from the ASA.
Is that possible?
Thanx!
07-01-2009 08:09 AM
Not that I am aware of. Let's see if the gurus in the forum can shed some light.
Thx
MS
**Rate helpful Posts**
07-01-2009 11:13 AM
Hello Faizan,
If it was on routers you could use
telnet 204.13.25.36 443 /source intf-name
where intf-name is the interface where 10.10.10.x machines are connected
Hope to help
Giuseppe
07-01-2009 11:19 AM
Giuseppe
Just for your info, you can't telnet from the ASA or PIX firewall. This is a security feature.
Faizan
Have a look at the packet tracer command -
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1913020
Jon
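
The packet-tracer suggestion above applied to the addresses used in this thread, as an added example that is not part of any poster's reply. The interface name `inside` and the source port 1025 are assumptions.

```cisco
! Added example. Assumptions: the 10.10.10.x hosts sit behind the interface
! named "inside"; 1025 is an arbitrary client source port.
! Syntax: packet-tracer input <ifc> <protocol> <src-ip> <src-port> <dst-ip> <dst-port> [detailed]

! Simulate a TCP packet from each internal host to 204.13.25.36 on port 443
packet-tracer input inside tcp 10.10.10.10 1025 204.13.25.36 443
packet-tracer input inside tcp 10.10.10.20 1025 204.13.25.36 443 detailed

! Reading the output:
!  - every phase (route lookup, access-list, NAT, ...) ends in
!    "Result: ALLOW" or "Result: DROP"
!  - the final summary shows "Action: allow" or "Action: drop"; on a drop,
!    the failing phase points at the ACL or check that rejected the packet

! Once real traffic is flowing, list live connections for one of the hosts
show conn address 10.10.10.10
! Hit counters on the access-list entries show which rules real traffic matched
show access-list
```

packet-tracer only models how the ASA itself would handle the packet; it does not show whether 204.13.25.36 is actually listening on port 443.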
07-01-2009 12:41 PM
Hello Friends,
I had thought that I could check connectivity as we do on a router by using the 'extended ping' command, where we can ping from an internal source address.
It seems we need to log into the individual hosts connected to the ASA to check for the open ports.
It doesn't seem that the ASA can check directly.
Anyway,
I have one more query regarding port configurations.
Where do we require Natting on PIX and ASA with respect to inbound and outbound connections?
Inbound? outbound? both? or none?
Regards,
Faizan