Cisco Support Community
Community Member

sh log in PIX

Hi


How can I see the transactions between two hosts that are trying to talk to each other over certain ports? I am trying to find out the ports that need to be opened for a successful connection. I have tried "sh log" but I do not see those two hosts. The following is the log config I have on this PIX-6.3(5):


logging on
logging monitor errors
logging buffered debugging
logging trap warnings
logging host inside 10.32.1.10

Thanks

3 REPLIES
Hall of Fame Super Blue

Re: sh log in PIX

CCDECCDE9 wrote:

Hi


How can I see the transactions between two hosts that are trying to talk to each other over certain ports? I am trying to find out the ports that need to be opened for a successful connection. I have tried "sh log" but I do not see those two hosts. The following is the log config I have on this PIX-6.3(5):


logging on
logging monitor errors
logging buffered debugging
logging trap warnings
logging host inside 10.32.1.10

Thanks

You can use "sh conn ..." to look at what current connections are going through the firewall -

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/s2_711.html#wp1113007

Jon

Community Member

Re: sh log in PIX

I think I will have to rephrase my problem....

I am trying to see if there are any denials for a particular source reaching a specific destination. The problem I have is that I opened up port 8081 between two hosts, A and B. I am told that hostA is not able to communicate with hostB, so I am trying to see if it is using a different port.

Re: sh log in PIX

The sh conn as Jon posted can provide that information.

You can also try "show local-host" from the CLI and be able to see connections in or out from the host and on what ports.

You can also load the ASDM real-time log and see the traffic while host A tries to connect to host B or vice versa, and be able to see that information.

Other things to check: Is the host listening on port 8081 actually listening on that port? Is it UDP or TCP?

Regards
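
Added example, not part of the thread: one way to answer the rephrased question from saved "sh log" output or from the syslog server's file is to pull the ACL deny records and group them by the port each host was refused on. It assumes the denies appear as syslog message 106023 in the layout shown in the comment; the host addresses, ACL names and log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog lines (addresses and ACL names are made up).
SAMPLE_LOG = """\
Mar 10 09:14:02 10.32.1.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/33512 dst inside:10.32.5.20/8443 by access-group "outside_in"
Mar 10 09:14:05 10.32.1.1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/33512 dst inside:10.32.5.20/8443 by access-group "outside_in"
Mar 10 09:14:09 10.32.1.1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/40100 dst inside:10.32.5.20/23 by access-group "outside_in"
Mar 10 09:14:11 10.32.1.1 %PIX-4-106023: Deny udp src outside:192.0.2.10/5000 dst inside:10.32.5.20/8081 by access-group "outside_in"
Mar 10 09:14:12 10.32.1.1 %PIX-6-302013: Built inbound TCP connection 1201 for outside:192.0.2.10/33498 (192.0.2.10/33498) to inside:10.32.5.20/8081 (10.32.5.20/8081)
Mar 10 09:14:20 10.32.1.1 %PIX-4-106023: Deny icmp src inside:10.32.5.20 dst outside:192.0.2.10 (type 3, code 3) by access-group "inside_out"
"""

# Assumed layout of message 106023 (packet denied by an ACL):
#   Deny <proto> src <if>:<ip>[/<port>] dst <if>:<ip>[/<port>] [...] by access-group "<acl>"
# The port is absent for ICMP, which carries "(type N, code N)" instead.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r'.*? by access[-_]group "?(?P<acl>[^"\s]+)"?'
)


def parse_denies(text):
    """Return one dict per 106023 deny record found in text."""
    return [m.groupdict() for m in DENY_RE.finditer(text)]


def denied_between(text, host_a, host_b):
    """Count denies between the two hosts, in either direction.

    Keys are (src_ip, dst_ip, proto, dst_port); dst_port is None for ICMP.
    """
    pair = {host_a, host_b}
    hits = Counter()
    for d in parse_denies(text):
        if {d["src_ip"], d["dst_ip"]} == pair:
            hits[(d["src_ip"], d["dst_ip"], d["proto"], d["dst_port"])] += 1
    return hits


if __name__ == "__main__":
    result = denied_between(SAMPLE_LOG, "192.0.2.10", "10.32.5.20")
    for (src, dst, proto, port), n in result.most_common():
        print(f"{n:3d}x {proto} {src} -> {dst} port {port or '-'}")
```

In the constructed data the TCP session to 8081 is built while the same client is refused on tcp/8443 and udp/8081, which is the "is it using a different port, and is it UDP or TCP" situation discussed above.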
