Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IP scan of ASA5505 Outside interface shows port 443 open

Remote management via ASDM/HTTPS on the Outside interface of the ASS5505 is configured and working over the Internet and is restricted to only a few host IP addresses. Access tried from any other Internet IP address does not work. However, when running a port scan from ANY Internet IP address, the ASA shows port 443 open. We have the same remote access configured for Telnet and SSH but those ports do NOT show open in a scan. How can I prevent the ASA from showing port 443 as open?

2 REPLIES

Re: IP scan of ASA5505 Outside interface shows port 443 open

David, I have not read of a way to have an external public IP address configured on a device in the case the firewall to instruct to not show what ports is listening on or forwarding , port scanning will probe IP address until it finds one opened port but ASA have global IDS signatures funtionality to protect from DoS or other attacks. Also there are some other techniques in firewalls design where you have devices in front of firewalls to provide another layer of protection such as placing a router or IDS system before attackers even reach the firewall.

this is a good link to learn more about how to implement few of the many preventing network attacks and scanning threat detection techiques in your firewall

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html#wp1042020

HTH

Jorge

New Member

Re: IP scan of ASA5505 Outside interface shows port 443 open

Thank you Jorge for your answer however, I have one additional question: Why wouldn't Telnet or SSH also show as available from the Internet like HTTPS does? I configured all 3 temporarily just to test. Thanks again.

663
Views
0
Helpful
2
Replies
CreatePlease to create content