ISE 2.2 custom NMAP ports issue

andrewswanson
Level 7

Hi

I'm looking at profiling using custom ports with an ISE NMAP action. Version of ISE is 2.2 patch 1.

The device I'm trying to profile has a number of ports open that I'd like to profile on:

tcp 7777
tcp 9989

I added these custom ports to an NMAP action and both appear under Dictionaries > NMAPExtension.

When I run an automatic or manual scan using the customized NMAP action, ISE only discovers tcp port 7777 as being open and not 9989.

When I run an NMAP scan on the device from my PC I can see that both ports are open.

Is there any restriction on what custom ports can be used with an ISE NMAP action? The ISE 2.2 documentation has a long list of ports used by ISE for OS scanning - tcp 7777 is on the list but 9989 is not. Are custom NMAP ports limited to this list?

Thanks
Andy

1 Reply

andrewswanson
Level 7

I contacted TAC through a support partner and they confirmed that when using a customized NMAP action, you can only use tcp/udp ports that are used by ISE for OS Scanning.

The list of ports used for OS Scanning is fairly extensive (see link below) but doesn't include some ports I'd like to use for profiling.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22.pdf

TAC said they'd log this as a Feature Enhancement.

Andy
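The thread's finding (custom NMAP-action ports only work if they are already on ISE's OS-scan port list) is easy to misread as a device problem when a port simply goes undiscovered. The script below is an added example, not part of the original post and not Cisco code: it parses an independent nmap grepable scan, compares it with the ports ISE reported, and classifies each configured custom port. The `ISE_OS_SCAN_PORTS` set is a placeholder assumption holding only what the thread establishes (tcp/7777 on the list, tcp/9989 not); fill it from the ISE 2.2 admin guide before relying on the classification. The nmap output and host address are constructed sample data.

```python
"""Reconcile an independent nmap scan against what ISE's NMAP action reported,
and flag custom ports that fall outside ISE's OS-scan port list.

Added example, not Cisco's code. ISE_OS_SCAN_PORTS is a placeholder: only
tcp/7777 is known (from the thread) to be on the list and tcp/9989 to be
absent; populate it from the ISE 2.2 admin guide for real use.
"""
import re

# Placeholder for the OS-scan port list in the ISE 2.2 admin guide (assumption).
ISE_OS_SCAN_PORTS = {("tcp", 7777)}

# Constructed nmap grepable (-oG) output for the device being profiled.
NMAP_GREPABLE = (
    "# Nmap 7.70 scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 7777/open/tcp//cbt///, "
    "9989/open/tcp//unknown///\tIgnored State: closed (997)\n"
    "# Nmap done\n"
)

# Matches "<port>/open/<proto>/" fields in the -oG "Ports:" column.
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)/")


def parse_open_ports(grepable):
    """Return the set of (proto, port) tuples nmap reported as open."""
    ports = set()
    for line in grepable.splitlines():
        if "Ports:" not in line:
            continue
        for port, proto in PORT_RE.findall(line):
            ports.add((proto, int(port)))
    return ports


def reconcile(custom_ports, nmap_open, ise_open, allowed=ISE_OS_SCAN_PORTS):
    """Classify each custom port configured in the NMAP action.

    custom_ports: (proto, port) tuples added to the ISE NMAP action.
    nmap_open:    ports an independent scan found open.
    ise_open:     ports ISE's scan reported open (e.g. from the endpoint's
                  NMAPExtension attributes).
    allowed:      ISE's OS-scan port list (placeholder by default).
    """
    report = {}
    for p in custom_ports:
        if p in ise_open:
            report[p] = "discovered by ISE"
        elif p not in nmap_open:
            report[p] = "closed or filtered; independent scan agrees"
        elif p not in allowed:
            report[p] = "open but outside ISE OS-scan port list; ISE will not probe it"
        else:
            report[p] = "open and on the list but missing from ISE; check scan reachability"
    return report


if __name__ == "__main__":
    found = parse_open_ports(NMAP_GREPABLE)
    # Constructed: ISE only reported tcp/7777, as in the thread.
    ise_reported = {("tcp", 7777)}
    for port, verdict in reconcile(
        [("tcp", 7777), ("tcp", 9989)], found, ise_reported
    ).items():
        print(f"{port[0]}/{port[1]}: {verdict}")
```

Run it against a real `nmap -oG` capture of the endpoint and the ports visible under the endpoint's NMAPExtension attributes; a port classified as "outside ISE OS-scan port list" is the case this thread describes and is not something a rescan will fix.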