We had to do this to mitigate some Telecom servers a while back and it's no fun. We contacted the application vendors and asked what ports their applications used. A couple were spot on, but the majority of them were not. What I ended up doing was turning on debug for syslog and running each app. I then imported the syslog into Excel and sorted the data (by denies) and reviewed the port numbers. It took some time, but we got them all. Afterwards I found a firewall log analyzer called Sawmill which would have helped a lot. I just did a quick search and I see there are more out there than when I had to do this, so they should help you out (and you can skip the Excel process).
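The "sort the denies by port" step above can be scripted instead of done in Excel. The following is an added example, not the poster's own tooling: it assumes the firewall is a Cisco ASA whose ACL denies are logged as %ASA-4-106023 messages, parses those lines, groups them by protocol, destination host and destination port, and renders one candidate permit ACE per source/destination pair for review. The syslog lines are constructed sample data; the ACL name `inside_in` and the hosts are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog. Only the %ASA-4-106023 lines are ACL denies;
# the 302013 "Built ... connection" line is there to show non-deny traffic
# is skipped (it was already permitted, so it never shows up as a deny).
SAMPLE_SYSLOG = """\
Mar 10 12:00:01 fw1 %ASA-4-106023: Deny tcp src inside:10.1.1.5/54321 dst dmz:10.2.2.10/8443 by access-group "inside_in" [0x0, 0x0]
Mar 10 12:00:02 fw1 %ASA-4-106023: Deny tcp src inside:10.1.1.5/54322 dst dmz:10.2.2.10/8443 by access-group "inside_in" [0x0, 0x0]
Mar 10 12:00:03 fw1 %ASA-4-106023: Deny udp src inside:10.1.1.5/41000 dst dmz:10.2.2.11/5060 by access-group "inside_in" [0x0, 0x0]
Mar 10 12:00:04 fw1 %ASA-6-302013: Built outbound TCP connection 12345 for dmz:10.2.2.10/443 (10.2.2.10/443) to inside:10.1.1.5/54400 (10.1.1.5/54400)
Mar 10 12:00:05 fw1 %ASA-4-106023: Deny tcp src inside:10.1.1.7/50000 dst dmz:10.2.2.10/8443 by access-group "inside_in" [0x0, 0x0]
Mar 10 12:00:06 fw1 %ASA-4-106023: Deny icmp src inside:10.1.1.5 dst dmz:10.2.2.10 (type 8, code 0) by access-group "inside_in" [0x0, 0x0]
"""

# Matches the 106023 deny body. Ports are optional because ICMP denies
# carry "(type N, code M)" instead of an address/port pair.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>[^/\s]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)(?:/(?P<dport>\d+))?'
)


def parse_denies(log_text):
    """Yield one dict per 106023 deny line; every other message is ignored."""
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"]) if d["sport"] else None
        d["dport"] = int(d["dport"]) if d["dport"] else None
        yield d


def summarize(denies):
    """Group denies by (proto, dst, dport) and return rows sorted by hit count.

    Each row is (proto, dst, dport, hits, sorted list of source hosts).
    This is the 'sort by denies and review the port numbers' step.
    """
    hits = Counter()
    sources = defaultdict(set)
    for d in denies:
        key = (d["proto"], d["dst"], d["dport"])
        hits[key] += 1
        sources[key].add(d["src"])
    rows = [(p, dst, dport, n, sorted(sources[(p, dst, dport)]))
            for (p, dst, dport), n in hits.items()]
    # Most-hit flows first; protocol/host/port as a stable tiebreak.
    rows.sort(key=lambda r: (-r[3], r[0], r[1], r[2] or 0))
    return rows


def suggest_acl(rows, acl_name):
    """Render one host-to-host permit ACE per source seen, for human review.

    These are candidates only: confirm each with the application owner
    before adding them, since a deny may also be scanning or misbehaviour.
    """
    aces = []
    for proto, dst, dport, _, srcs in rows:
        for src in srcs:
            ace = f"access-list {acl_name} extended permit {proto} host {src} host {dst}"
            if dport is not None:
                ace += f" eq {dport}"
            aces.append(ace)
    return aces


if __name__ == "__main__":
    table = summarize(parse_denies(SAMPLE_SYSLOG))
    for proto, dst, dport, n, srcs in table:
        print(f"{n:4d}  {proto:5s} {dst}:{dport if dport is not None else '-'}  from {', '.join(srcs)}")
    print()
    for ace in suggest_acl(table, "inside_in"):
        print(ace)
```

Two caveats when doing this for real: only traffic that hits a logged deny shows up, so anything already allowed by a broad rule is invisible, and rather than raising the whole box to debug logging it is quieter to put the `log` keyword on the specific deny ACE (or rely on the implicit-deny 106023 messages at their default level) and collect just those.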