topic SOCKS Proxy with cisco ASA in Network Security

SOCKS Proxy with cisco ASA

Mohamed Hamid — Mon, 11 Mar 2019 23:32:51 GMT

Hi Guys

I have the following setup

|| Socks Server || >> Switch1 >> ||Cisco 5520 ASA || -->> | Switch 2| -->> Clients

I have a SSH SOCKS tunnel set up on the socks server which is a linux box.

When I connect my machine to the switch 2, I am NOT able to recieve and mail by setting up a mail client and it seems SOCKS traffic does not reach the socks server. I can however run a telnet command on port 1080 (socks port) which connects which shows that the port was going through and open. However there was no SOCKS traffic..

When I connected the machine to Switch 1, SOCKS traffic worked as expected snd I was able to recieve mail.

This suggests to me that the ASA has some inherent rule that does not allow SOCKS traffic...

IS this true and if so how can I bypass this?

Kind Regards

SOCKS Proxy with cisco ASA

Ramraj Sivagnanam Sivajanam — Sun, 22 Jul 2012 10:01:04 GMT

Hi Bro

Since you mentioned that bypassing the Cisco ASA FW, the SOCKS connection works fine. Then it’s clear that the Cisco FW is the issue here. Cisco FW doesn’t support SOCKS running on it, but it can pass SOCKS traffic through, since it uses TCP. I’m assuming from the client to the server, routing is good, hence you’re able to ping the server from the client.

My guess is permitting TCP/1080 isn’t enough to make this connection through. Perhaps, more TCP ports are needed to be permitted. To confirm this, you could perform the following;

To place your workstation in Switch1 and Switch2, run Wireshark and initiate the communication. With both this packet captures, you’ll be able to see the TCP port numbers needed to have a successful communication between the client and the server.

To issue the “clear service-policy” command and initiate the communication and capture the “show service-policy” to ensure the Cisco ASA FW isn’t dropping any packets.

P/S: if you think this comment is useful, please do rate them nicely 🙂

SOCKS Proxy with cisco ASA

Mohamed Hamid — Mon, 23 Jul 2012 09:48:47 GMT

Hi Mate

thank you for your reply.

I have actually also tested by allowing all traffic to our SOCKS servers and that still does not work which is why I am led to beleive that the Cisco ASA has an inherent rule that blocks SOCKS traffic. Although I do not see that in the logs.

Kind Regards

SOCKS Proxy with cisco ASA

Ramraj Sivagnanam Sivajanam — Wed, 25 Jul 2012 10:10:16 GMT

Hi Bro

I strongly believe you've a Cisco FW configuration error, assuming routing is all fine 🙂 This is because SOCKS works based on TCP.

If you'd like, we could do a quick Teamviewer session to look into this matter. Let me know if you're keen.

SOCKS Proxy with cisco ASA

Rizal Ferdiyan — Mon, 18 Mar 2013 06:32:24 GMT

Dear Mohammed ?

Do you resolve your problem ? I have similar problem with you ?