A Newbie Question I know but I Need to Know what Command to Use

lanmanjs
Level 1

I have looked and do not see any CLI commands that will allow me to see what ports or services are crossing my VPNs.  I am looking to see if some specific high ports are using the VPN.  What command will allow me to verify that?

Thank you for any Reply - 

JS

Accepted Solution

You need to enable debug or logging to capture the traffic, which may have a performance impact on the live network.

ACL is the best place to start and control what is required to allow in the tunnel and deny the rest, so you know what ports are allowed.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

4 Replies

balaji.bandi
Hall of Fame

What is this device model here? ASA or router?

On an ASA you can use ASDM to monitor real-time logs.

Router: you need to enable logging to view more information.

In both cases you can check the ACL for the allowed ports. If they are not allowed, then the FW / router will drop them anyway.

For security reasons, allow only the required ports for the interesting traffic.


BB


I am looking on a router for this - not an ASA.  So, there isn't a command I can use that will show me the interface in question and what ports are going over it in real time?  I will set up logging and check that way but was wondering if there was a command like that I could use.  I will also take a look at the ACLs and see what is allowed.


Thank you for the reply - it is greatly appreciated.


_|brt.drml|_
Level 1

Look up the NBAR2 configuration. Activate this on the VPN interface. NBAR delivers application recognition on the egress interface. It delivers statistics of all well-known protocols and even 'custom-made' configuration. I use it and it helps me configure QoS for 'business applications'.

Work:

Upgrade the NBAR2 to the latest 'update package'.

You can also activate a web interface on the router: https://<router-ip>/flash/nbar2/home.html

There you have a GUI that graphically reports what applications are recognized on that link. It works like a charm.


Do take into account: depending on the hardware, NBAR2 can produce a lot of CPU usage. Another tip: read the manual as it is rich in information.
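Putting the two suggestions in this thread (BB's logging/ACL approach and brt.drml's NBAR2 tip) into IOS configuration, as an added example that is not from any poster here; the tunnel name Tunnel0, the site networks 10.1.0.0/16 and 10.2.0.0/16, and the ACL name VPN-PORT-AUDIT are assumed.

```cisco
! Added example, not from this thread. Tunnel0 and the 10.1/16, 10.2/16 networks are assumed.
! Part 1: audit ACL on the tunnel interface. Known ports are counted silently; everything
! else is still permitted but logged, so unexpected high ports show up with their port numbers.
ip access-list extended VPN-PORT-AUDIT
 remark Expected application traffic between the two sites (counted, not logged)
 permit tcp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255 eq 443
 permit tcp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255 eq 22
 remark Audit catch-all: logged packets are punted to the CPU, so run this for a short window only
 permit ip any any log
!
! Keep the log messages on the box for review.
logging buffered 64000 informational
!
interface Tunnel0
 description Site-to-site VPN (assumed VTI name)
 ip access-group VPN-PORT-AUDIT out
!
! Part 2: NBAR2 protocol discovery on the same tunnel, per brt.drml's post.
interface Tunnel0
 ip nbar protocol-discovery
!
! Read the results:
!   show ip access-lists VPN-PORT-AUDIT
!     -> per-entry match counters (the 'log' entry counts the unexpected traffic)
!   show logging | include IPACCESSLOGP
!     -> %SEC-6-IPACCESSLOGP lines carry source/destination addresses and ports
!   show ip nbar protocol-discovery interface Tunnel0 top-n 10
!     -> top applications seen on the tunnel
!
! Once the list of ports in use is known, replace the final 'permit ip any any log'
! with 'deny ip any any' (BB's advice), and mirror the ACL inbound if both directions matter.
```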
