Port Traffic Detection/Identification????

Charlie Mayes
Level 1

Hello All,

I am trying to create an access-list that allows traffic from a source IP to a global destination NATed address on my firewall. The problem is the sending company does not know what port they are sending the traffic to my firewall on. Is there any way to find out what port they are sending traffic to me on so I can allow traffic in through that port? I have an ASA5505 running ASA Version 7.2(4).


Hi,

The easiest way is to check the logs.

If you have logging enabled (or just enable logs) on the ASA, then you can search the logs for the IP that you're interested in, and see which port the connection is coming from/to.

If you want a lot more detail, you can use the "capture" command on the ASA.

But if you just want to know the port, go with the logs.

Federico.

I enabled the logs but what command is used to view those details about the from/to info? Do I need a SYSLOG SERVER?

You don't require a syslog server.

If logs are enabled (and at a level to see the connections), then you can check the logs on your screen.

i.e.

sh log --> will show the logs on the ASA

term mon --> if you're remotely connected via a terminal

ASDM --> will also show you the logs

If you still cannot see the logs, check the output of "sh run log" to check your logging configuration and see where you're sending the logs.

Federico.
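
Added example, not part of the thread: once the "sh log" output has been saved to a text file, a short Python script can tally which destination ports the ASA denied for the sender's IP. The message layouts for 106023, 106001 and 106006 are written from the usual ASA syslog format and are an assumption to check against your own output; the log lines and addresses below are constructed, and `denied_ports` is a hypothetical helper name.

```python
import re
from collections import Counter

# Assumed message layouts (compare with your own "sh log" output):
#   106023: Deny tcp src outside:A/p dst inside:B/q by access-group "..."
#   106001: Inbound TCP connection denied from A/p to B/q flags SYN on interface outside
#   106006: Deny inbound UDP from A/p to B/q on interface outside
PATTERNS = [
    re.compile(r"%ASA-\d-106023: Deny (?P<proto>\w+) src [^\s:]+:(?P<src>[\d.]+)/\d+ "
               r"dst [^\s:]+:[\d.]+/(?P<dport>\d+)"),
    re.compile(r"%ASA-\d-106001: Inbound (?P<proto>TCP) connection denied from "
               r"(?P<src>[\d.]+)/\d+ to [\d.]+/(?P<dport>\d+)"),
    re.compile(r"%ASA-\d-106006: Deny inbound (?P<proto>UDP) from "
               r"(?P<src>[\d.]+)/\d+ to [\d.]+/(?P<dport>\d+)"),
]

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 10 2010 09:14:02: %ASA-4-106023: Deny tcp src outside:198.51.100.20/51514 dst inside:203.0.113.5/8443 by access-group "outside_access_in"
Jan 10 2010 09:14:05: %ASA-4-106023: Deny tcp src outside:198.51.100.20/51515 dst inside:203.0.113.5/8443 by access-group "outside_access_in"
Jan 10 2010 09:14:09: %ASA-2-106001: Inbound TCP connection denied from 198.51.100.20/51520 to 203.0.113.5/22 flags SYN on interface outside
Jan 10 2010 09:14:11: %ASA-2-106006: Deny inbound UDP from 198.51.100.77/5060 to 203.0.113.5/5060 on interface outside
Jan 10 2010 09:14:12: %ASA-4-106023: Deny icmp src outside:198.51.100.20 dst inside:203.0.113.5 (type 8, code 0) by access-group "outside_access_in"
"""

def denied_ports(log_text, source_ip):
    """Count (protocol, destination port) pairs the ASA denied for one source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            m = pattern.search(line)
            # ICMP denies carry no port, so they match no pattern and are skipped.
            if m and m.group("src") == source_ip:
                hits[(m.group("proto").lower(), int(m.group("dport")))] += 1
                break
    return hits

if __name__ == "__main__":
    for (proto, port), count in denied_ports(SAMPLE_LOG, "198.51.100.20").most_common():
        print(f"{proto}/{port}: {count} denied attempt(s)")
```

The most frequent protocol/port pair for the sender's address is the candidate for the new access-list entry; confirm it with the sending company before permitting it.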
