Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
6
Replies

Ports on ASA

Faizan Shaikh
Level 1
Level 1

‎06-30-2009 03:40 PM - edited ‎03-04-2019 05:17 AM

Hi Friends,

Is there anyway to check the open ports for hosts on ASa?

If I have opened a port 443 for some ip addresses attaches to PIX. Would it be possible for me to check the access to ports from those ip addresses from ASA directly.

Thanx in Advance!

Labels:
0 Helpful
6 Replies 6

mvsheik123
Level 7
Level 7

‎06-30-2009 04:06 PM

Hi,

you want to find the open ports on the ASA. is that correct..?

If you have configuration for the ASA with you that makes it easy. If not but still want to find the open ports, then run a scan (TCP & UDP)from outside (to find ports opened from outside).

hth

MS

**Rate helpful posts**

0 Helpful

Faizan Shaikh
Level 1
Level 1
In response to mvsheik123

‎06-30-2009 04:13 PM

mvsheik123,

Lemme give you an example.

Suppose I have 10.10.10.10 and 10.10.10.20 attached to an ASA.

I have opened port 443 for both of them to an external IP say : 204.13.25.36.

I am logged into ASA and I want to check whether my configuration are correct or not.

Indirectly I want to check the connection from 10.10.10.10 and 10.10.10.20 to 204.13.25.36 via port 443 from ASA.

is that possible?

Thanx!

0 Helpful

mvsheik123
Level 7
Level 7
In response to Faizan Shaikh

‎07-01-2009 08:09 AM

Not that Iam aware of. lets see if Gurus in the forum can shed some light.

Thx

MS

**Rate helpful Posts**

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Faizan Shaikh

‎07-01-2009 11:13 AM

Hello Faizan,

if it as on routers you could use

telnet 204.13.25.36 443 /source intf-name

where intf-name is the interface where 10.10.10.x machines are connected

Hope to help

Giuseppe

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎07-01-2009 11:19 AM

Guiseppe

Just for your info, you can't telnet from the ASA or pix firewall. This is a security feature.

Faizan

Have a look at the packet tracer command -

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1913020

Jon

0 Helpful

Faizan Shaikh
Level 1
Level 1
In response to Jon Marshall

‎07-01-2009 12:41 PM

Hello Friends,

I have thought that I can check connectivity as we do in router by using 'extended ping' command where we can ping from an internal source address.

It seems we need to log into the individual hosts connected to ASA to check for the open ports.

It doesn't seems that ASA can check directly.

Anyway,

I have one more query regarding port configurations.

Where do we require Natting on PIX and ASA with respect to inbound and outbound connections?

Inbound? outbound? both? or none?

Regards,

Faizan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card