Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Identify Application ports

Hi, ASA 5520 with access-list on INSIDE Interface. There is trading application need by a user on LAN where ports are unknown and needs to be opened.

How to identify the ports. On ACL inside if I add permit any any it works.

All http traffic is not passing the firewall its via Squid.

Any Help

1 REPLY

Re: Identify Application ports

Configure a capture on the inside for this specific host that uses that trading application to the tradig server, something like:

access-list capture permit ip host (client) host (server)

capture cap access-list capture interface inside

Then ask the user to try to connect to this application then after this application works go ahead and do a "show capture cap" which will tell you what destination ports is this client looking for, then you can open those on the acl.

Or simply take off the inside acl, ask the client to connect and do a show conn detail and check which is the destination port.

161
Views
0
Helpful
1
Replies