Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Ports on ASA

Hi Friends,

Is there anyway to check the open ports for hosts on ASa?

If I have opened a port 443 for some ip addresses attaches to PIX. Would it be possible for me to check the access to ports from those ip addresses from ASA directly.

Thanx in Advance!

6 REPLIES

Re: Ports on ASA

Hi,

you want to find the open ports on the ASA. is that correct..?

If you have configuration for the ASA with you that makes it easy. If not but still want to find the open ports, then run a scan (TCP & UDP)from outside (to find ports opened from outside).

hth

MS

**Rate helpful posts**

New Member

Re: Ports on ASA

mvsheik123,

Lemme give you an example.

Suppose I have 10.10.10.10 and 10.10.10.20 attached to an ASA.

I have opened port 443 for both of them to an external IP say : 204.13.25.36.

I am logged into ASA and I want to check whether my configuration are correct or not.

Indirectly I want to check the connection from 10.10.10.10 and 10.10.10.20 to 204.13.25.36 via port 443 from ASA.

is that possible?

Thanx!

Re: Ports on ASA

Not that Iam aware of. lets see if Gurus in the forum can shed some light.

Thx

MS

**Rate helpful Posts**

Hall of Fame Super Silver

Re: Ports on ASA

Hello Faizan,

if it as on routers you could use

telnet 204.13.25.36 443 /source intf-name

where intf-name is the interface where 10.10.10.x machines are connected

Hope to help

Giuseppe

Hall of Fame Super Blue

Re: Ports on ASA

Guiseppe

Just for your info, you can't telnet from the ASA or pix firewall. This is a security feature.

Faizan

Have a look at the packet tracer command -

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1913020

Jon

New Member

Re: Ports on ASA

Hello Friends,

I have thought that I can check connectivity as we do in router by using 'extended ping' command where we can ping from an internal source address.

It seems we need to log into the individual hosts connected to ASA to check for the open ports.

It doesn't seems that ASA can check directly.

Anyway,

I have one more query regarding port configurations.

Where do we require Natting on PIX and ASA with respect to inbound and outbound connections?

Inbound? outbound? both? or none?

Regards,

Faizan

138
Views
0
Helpful
6
Replies
CreatePlease to create content