Identify Application ports

Unanswered Question
Oct 28th, 2009
Hi, ASA 5520 with an access-list on the INSIDE interface. There is a trading application needed by a user on the LAN where the ports are unknown and need to be opened.

How to identify the ports? On the inside ACL, if I add permit any any it works.


All HTTP traffic is not passing the firewall; it's via Squid.


Any help?

Ivan Martinon (Cisco Employee) Wed, 10/28/2009 - 14:30

Configure a capture on the inside interface for the specific host that uses the trading application, filtered to the trading server, something like:


access-list capture permit ip host (client) host (server)

capture cap access-list capture interface inside


Then ask the user to try to connect to this application. After the application works, go ahead and do a "show capture cap", which will tell you what destination ports this client is looking for; then you can open those on the ACL.


Or simply take off the inside ACL, ask the client to connect, do a "show conn detail", and check which is the destination port.
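As an added example (not from the original thread), the script below turns the "show capture cap" output from the first approach into the narrowest ACEs that would let the application through: it keeps only packets the client initiated, tallies protocol/server/destination-port tuples, and emits one host-to-host "eq port" line per tuple. The capture lines, the client address 10.1.1.5, the server 192.0.2.10 and the ACL name inside_access_in are constructed assumptions; the line format approximates ASA capture output.

```python
import re
from collections import defaultdict

# Constructed sample of "show capture cap" output (format approximated from ASA
# capture output; not taken from the thread). Client 10.1.1.5 talks to a
# trading server at 192.0.2.10 on TCP 443, TCP 8443 and UDP 5000.
SAMPLE_CAPTURE = """\
   1: 14:30:01.123456 10.1.1.5.49152 > 192.0.2.10.443: S 1234567:1234567(0) win 8192
   2: 14:30:01.125001 192.0.2.10.443 > 10.1.1.5.49152: S 7654321:7654321(0) ack 1234568 win 5840
   3: 14:30:01.125400 10.1.1.5.49152 > 192.0.2.10.443: . ack 7654322 win 8192
   4: 14:30:02.000000 10.1.1.5.49153 > 192.0.2.10.8443: S 2345678:2345678(0) win 8192
   5: 14:30:02.100000 10.1.1.5.49154 > 192.0.2.10.5000:  udp 64
   6: 14:30:02.200000 10.1.1.5.49153 > 192.0.2.10.8443: P 2345679:2345779(100) ack 1 win 8192
"""

# "<n>: <timestamp> <src>.<sport> > <dst>.<dport>: <rest of line>"
LINE_RE = re.compile(
    r"^\s*\d+:\s+\S+\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)

def destination_ports(capture_text, client):
    """Return {(proto, server, dport): packet_count} for packets the client sent.

    Server-to-client replies are skipped so ephemeral client ports never end
    up as ACL destination ports.
    """
    counts = defaultdict(int)
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("src") != client:
            continue  # unparsable line or a reply from the server
        proto = "udp" if m.group("rest").lstrip().startswith("udp") else "tcp"
        counts[(proto, m.group("dst"), int(m.group("dport")))] += 1
    return dict(counts)

def acl_lines(counts, client, acl_name="inside_access_in"):
    """Build least-privilege ASA ACEs (host-to-host, single port) from the tally."""
    return [
        f"access-list {acl_name} extended permit {proto} host {client} host {server} eq {port}"
        for (proto, server, port) in sorted(counts)
    ]

if __name__ == "__main__":
    tally = destination_ports(SAMPLE_CAPTURE, "10.1.1.5")
    for ace in acl_lines(tally, "10.1.1.5"):
        print(ace)
```

Review the tally before pasting the ACEs: a port that shows up once may be a stray lookup rather than part of the application, and the ACEs are far tighter than the "permit any any" the question mentions.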
