ASA Logging Traffic Outbound

Feb 11th, 2010

I need to be able to find an errant PC on an internal network that is sending RDP traffic outbound.

Has anyone any pointers on this?

I need to log port 3389 from inside to outside.

Thank you.


Collin Clark Thu, 02/11/2010 - 11:44

Create an ACL that will go on the inside interface.

access-list find_pc extended permit tcp any any eq 3389 log

access-list find_pc extended permit ip any any

access-group find_pc in interface inside

This will generate a log message when an RDP packet is sent to the outside. You can view the log with

show logging

Is this what you're looking for?
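
The log review described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads saved `show logging` output and tallies which inside hosts hit the logged port 3389 entry. It assumes the `log` keyword produces syslog message 106100 at its default informational level and that the logging buffer captures that level; the log lines and addresses are constructed samples, and `rdp_sources` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample of saved `show logging` output (not from a real device).
SAMPLE_LOG = """\
Feb 11 2010 11:50:01: %ASA-6-106100: access-list find_pc permitted tcp inside/10.1.1.23(49211) -> outside/203.0.113.10(3389) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Feb 11 2010 11:50:04: %ASA-6-302013: Built outbound TCP connection 4411 for outside:203.0.113.10/3389 (203.0.113.10/3389) to inside:10.1.1.23/49211 (198.51.100.2/49211)
Feb 11 2010 11:55:01: %ASA-6-106100: access-list find_pc permitted tcp inside/10.1.1.23(49211) -> outside/203.0.113.10(3389) hit-cnt 7 300-second interval [0x1a2b3c4d, 0x0]
Feb 11 2010 11:56:12: %ASA-6-106100: access-list find_pc permitted tcp inside/10.1.1.87(50122) -> outside/198.51.100.77(3389) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Feb 11 2010 11:57:30: %ASA-6-106100: access-list other_acl permitted tcp inside/10.1.1.5(50200) -> outside/198.51.100.77(3389) hit-cnt 1 first hit [0x99, 0x0]
"""

# 106100 = "access-list <name> permitted|denied <proto> if/src(sport) -> if/dst(dport) hit-cnt N ..."
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) permitted tcp "
    r"(?P<src_if>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def rdp_sources(log_text, acl="find_pc", port=3389):
    """Return {source_ip: {"hits": total logged hits, "dests": set of destination IPs}}."""
    found = defaultdict(lambda: {"hits": 0, "dests": set()})
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        # Skip other message IDs, other ACLs, and other destination ports.
        if not m or m["acl"] != acl or int(m["dport"]) != port:
            continue
        entry = found[m["src"]]
        entry["hits"] += int(m["hits"])   # first hit = 1, later lines = hits per interval
        entry["dests"].add(m["dst"])
    return dict(found)

if __name__ == "__main__":
    results = rdp_sources(SAMPLE_LOG)
    for src, info in sorted(results.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{src}: {info['hits']} hits to {', '.join(sorted(info['dests']))}")
```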

Diego Armando C... Thu, 02/11/2010 - 12:39

Something easier

Access-list CAPIN permit tcp host PC-IPADDRESS any eq 3389

Access-list CAPIN permit tcp any eq 3389 host PC-IPADDRESS

Capture CAP access-list CAPIN interface INSIDE

Then wait until the PC uses port 3389, and whenever you can, do a SHOW CAPTURE CAP

Hope it helps

