https://community.cisco.com/t5/network-security/identify-application-ports/m-p/1317339#M786730 <P>Hi, ASA 5520 with access-list on INSIDE Interface. There is trading application need by a user on LAN where ports are unknown and needs to be opened.</P><P>How to identify the ports. On ACL inside if I add permit any any it works.</P><P></P><P>All http traffic is not passing the firewall its via Squid.</P><P></P><P>Any Help</P> Mon, 11 Mar 2019 16:32:24 GMT saquib.tandel 2019-03-11T16:32:24Z https://community.cisco.com/t5/network-security/identify-application-ports/m-p/1317339#M786730 <P>Hi, ASA 5520 with access-list on INSIDE Interface. There is trading application need by a user on LAN where ports are unknown and needs to be opened.</P><P>How to identify the ports. On ACL inside if I add permit any any it works.</P><P></P><P>All http traffic is not passing the firewall its via Squid.</P><P></P><P>Any Help</P> Mon, 11 Mar 2019 16:32:24 GMT https://community.cisco.com/t5/network-security/identify-application-ports/m-p/1317339#M786730 saquib.tandel 2019-03-11T16:32:24Z https://community.cisco.com/t5/network-security/identify-application-ports/m-p/1317340#M786733 <HTML><HEAD></HEAD><BODY><P>Configure a capture on the inside for this specific host that uses that trading application to the tradig server, something like:</P><P></P><P>access-list capture permit ip host (client) host (server)</P><P>capture cap access-list capture interface inside</P><P></P><P>Then ask the user to try to connect to this application then after this application works go ahead and do a "show capture cap" which will tell you what destination ports is this client looking for, then you can open those on the acl.</P><P></P><P>Or simply take off the inside acl, ask the client to connect and do a show conn detail and check which is the destination port.</P></BODY></HTML> Wed, 28 Oct 2009 21:30:10 GMT https://community.cisco.com/t5/network-security/identify-application-ports/m-p/1317340#M786733 Ivan Martinon 2009-10-28T21:30:10Z