Help on ASA traffic Outside

Unanswered Question
Oct 29th, 2009

Hello


Different applications need different ports to pass traffic from inside to outside with the ASA placed in between.


Instead of allowing all ports, how to streamline with only the needed ports? Struggling to get it working.


LANUSERS_____switch____ASA_____INTERNET


The access-list is applied on the ASA inside interface.


If I start a trading application from a LAN host which needs to connect to a trading server on the Internet, how do I identify which ports need to be opened on the ASA?

cisco24x7 Thu, 10/29/2009 - 03:31

access-list capture permit ip LAN_host Internet_host log


capture tcpdump access-list capture interface internal


"show capture tcpdump" will show you which ports LAN_host uses to communicate with Internet_host.
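
The capture output can be reduced to the list of ports to permit. The following Python is an added example, not part of the original post: it assumes the tcpdump-like line layout of "show capture", runs on constructed sample lines, and uses INSIDE_IN as a placeholder ACL name. It counts only flows the LAN host opens (TCP SYN without ACK, or outbound UDP), grouped by remote endpoint.

```python
import re

# Constructed sample in the tcpdump-like layout of "show capture" output
# (assumed layout; addresses are documentation ranges, not from the thread).
SAMPLE = """\
   1: 03:31:12.101234 192.168.10.25.49512 > 198.51.100.20.8443: S 1000:1000(0) win 8192 <mss 1460>
   2: 03:31:12.145678 198.51.100.20.8443 > 192.168.10.25.49512: S 2000:2000(0) ack 1001 win 5840 <mss 1380>
   3: 03:31:12.145901 192.168.10.25.49512 > 198.51.100.20.8443: . ack 2001 win 8192
   4: 03:31:13.000100 192.168.10.25.52044 > 198.51.100.53.53:  udp 34
   5: 03:31:13.020400 198.51.100.53.53 > 192.168.10.25.52044:  udp 50
   6: 03:31:14.500000 192.168.10.25.49513 > 198.51.100.20.8443: S 3000:3000(0) win 8192 <mss 1460>
   7: 03:31:15.250000 192.168.10.25.49514 > 198.51.100.21.443: S 4000:4000(0) win 8192 <mss 1460>
"""

# "<src ip>.<src port> > <dst ip>.<dst port>: <rest of line>"
LINE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):\s+(.*)")

def outbound_services(capture_text, lan_host):
    """Return sorted (proto, remote_ip, remote_port) for flows the LAN host opens."""
    found = set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # headers, ICMP and non-IP lines carry no port pair
        src, _sport, dst, dport, rest = m.groups()
        if src != lan_host:
            continue  # replies return to the client's ephemeral port, not a service
        if rest.startswith("udp"):
            found.add(("udp", dst, int(dport)))
        elif rest.startswith("S") and " ack " not in rest:
            found.add(("tcp", dst, int(dport)))  # initial SYN only, not SYN-ACK
    return sorted(found)

def acl_entries(services, lan_host, acl_name="INSIDE_IN"):
    # acl_name is a hypothetical placeholder for the ACL bound to the inside interface
    return [f"access-list {acl_name} extended permit {p} host {lan_host} host {ip} eq {port}"
            for p, ip, port in services]

if __name__ == "__main__":
    print("\n".join(acl_entries(outbound_services(SAMPLE, "192.168.10.25"), "192.168.10.25")))
```

Review the generated entries against what the application is expected to reach before adding them to the inside ACL.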

saquib.tandel Thu, 10/29/2009 - 04:02

Hi

I am aware of the LAN host but not aware of the Internet host.


How to clear the counter of the log, as it already shows some hits?
