
ASA find out allowed ports

Hi Security Experts,

Is there a way we can find out on which ports the Cisco ASA is allowing/dropping connections between two hosts (each host on a different interface on the firewall)? I am interested in finding out what requests come from one host (destined towards the other) and on what ports. What did the ASA allow and what did it drop? Is there some easy way to do this? I think we can do it using an ACL, but I don't want to go down that path.

Please let me know if there is some better way to do this.

Thanks,

Kashish

4 REPLIES 4

ASA find out allowed ports

You can use the packet tracer command to find out which ports are enabled/disabled.


ASA find out allowed ports

That is not very scalable and I don't want to run packet tracer for a whole bunch of ports.

Is there any other better way?


ASA find out allowed ports

Capture through the ASA is the only method you can go for to meet your detailed and specific requirement.

The syntax would be:

access-list capture1 extended permit ip source destination

access-list capture2 extended permit ip destination source

capture capi1 access-list capture1 interface (interface on which the traffic enters)

capture capi2 access-list capture2 interface (interface from which the traffic leaves)

Please rate this if you find it helpful !!
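Added example, not part of the original reply and not Cisco code: a Python sketch that reads the text of `show capture capi1` and `show capture capi2` from the setup above and lists, per destination TCP port, whether the client's SYN got a reply on the far side of the ASA. It assumes the tcpdump-style line format of `show capture` output; the function names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed tcpdump-style `show capture` line: N: TIME SRC.SPORT > DST.DPORT: FLAGS ...
LINE = re.compile(r"^\s*\d+:\s+[\d:.]+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+"
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+):\s+(\S+)")

def parse(text):
    """Yield (src, sport, dst, dport, flags) for each TCP/UDP packet line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield src, int(sport), dst, int(dport), flags

def classify(capi1_text, capi2_text, client, server):
    """Give a verdict for every server port the client sent a TCP SYN to."""
    replies = defaultdict(set)  # server port -> flag tokens seen in replies
    for src, sport, dst, _, flags in parse(capi2_text):
        if src == server and dst == client:
            replies[sport].add(flags)
    verdict = {}
    for src, _, dst, dport, flags in parse(capi1_text):
        if (src, dst, flags) != (client, server, "S"):
            continue
        seen = replies.get(dport, set())
        if "S" in seen:  # a SYN-ACK prints as "S ... ack N"
            verdict[dport] = "passed, port open"
        elif any(f.startswith("R") for f in seen):
            verdict[dport] = "passed, host sent reset"
        else:  # the capture alone cannot tell these two apart
            verdict[dport] = "no reply: dropped or host silent"
    return verdict

# Constructed sample output (documentation addresses, not real traffic).
CAPI1 = """\
   1: 10:01:00.100000 192.0.2.10.50001 > 198.51.100.20.443: S 100:100(0) win 8192
   2: 10:01:00.200000 192.0.2.10.50002 > 198.51.100.20.22: S 200:200(0) win 8192
   3: 10:01:00.300000 192.0.2.10.50003 > 198.51.100.20.3389: S 300:300(0) win 8192
"""
CAPI2 = """\
   1: 10:01:00.101000 198.51.100.20.443 > 192.0.2.10.50001: S 900:900(0) ack 101 win 65535
   2: 10:01:00.201000 198.51.100.20.22 > 192.0.2.10.50002: R 0:0(0) ack 201 win 0
"""

if __name__ == "__main__":
    for port, v in sorted(classify(CAPI1, CAPI2, "192.0.2.10", "198.51.100.20").items()):
        print(port, v)
```

A SYN-ACK or RST seen in capi2 means the ASA passed the SYN to the server; a port with no reply needs a second check, since the two captures alone cannot separate an ASA drop from a host that stayed silent.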

Re: ASA find out allowed ports

Why don't you use a scanning tool, like Nmap as an example, from the client IP address you want to test to the destination address?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC