03-09-2021 12:06 PM
I have looked and do not see any CLI commands that will allow me to see what ports or services are crossing my VPNs. I am looking to see if some specific high ports are using the VPN. What command will allow me to verify that?
Thank you for any reply -
JS
03-10-2021 06:11 AM
You need to enable debug or logging to capture the traffic, which may have a performance impact on the live network.
An ACL is the best place to start: control what is required to allow in the tunnel and deny the rest, so you know what ports are allowed.
03-09-2021 04:09 PM
What is the device model here? ASA or router?
ASA: you can use ASDM to monitor real-time logs.
Router: you need to enable logging to view more information.
In both cases you can check the ACL for the allowed ports; if they are not allowed, then the FW / router will drop them anyway.
For security reasons, allow only the required ports for the interesting traffic.
03-10-2021 05:12 AM
I am looking on a router for this - not an ASA. So, there isn't a command I can use that will show me the interface in question and what ports are going over it in real time? I will set up logging and check that way but was wondering if there was a command like that I could use. I will also take a look at the ACLs and see what is allowed.
Thank you for the reply - it is greatly appreciated.
03-10-2021 11:37 PM
Look up NBAR2 configuration. Activate this on the VPN interface. NBAR delivers application recognition on the egress interface. It delivers statistics for all well-known protocols and even 'custom-made' configurations. I use it and it helps me configure QoS for 'business applications'.
Work:
Upgrade the NBAR2 to the latest 'update package'.
You can also activate a web interface on the router: https://<router-ip>/flash/nbar2/home.html
There you have a GUI that graphically reports what applications are recognized on that link. It works like a charm.
Do take into account: depending on the hardware, NBAR2 can produce a lot of CPU usage. Another tip: read the manual, as it is rich in information.
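As an added example (not posted by anyone in this thread), the two approaches the replies describe combined into one IOS configuration: an interface ACL with hit counters and logging on the tunnel, and NBAR2 protocol discovery with its show commands. It assumes a route-based VPN on Tunnel0; the subnets 10.1.1.0/24 and 10.2.2.0/24 and TCP port 8443 are placeholders.

```ios
! Added example, not from the thread. Assumes a route-based IPsec VPN on Tunnel0;
! the subnets 10.1.1.0/24 and 10.2.2.0/24 and TCP port 8443 are placeholders.
!
! 1) Least privilege plus visibility: permit only the ports the VPN needs and
!    log everything else. The per-line match counters show which ports are
!    actually in use; the logged denies show what is trying to cross and fails.
ip access-list extended VPN-OUT
 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 eq 443
 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 eq 8443
 deny   ip any any log
!
interface Tunnel0
 ip access-group VPN-OUT out
 ! 2) NBAR2 protocol discovery: per-protocol byte and packet counts on this link
 ip nbar protocol-discovery
!
! Rate-limit ACL log generation so the deny line cannot flood the CPU
ip access-list log-update threshold 100
logging buffered 64000 informational
!
! Verification (exec mode):
! show access-lists VPN-OUT                 <- match counts per ACL line
! show logging | include VPN-OUT            <- denied flows, with ports
! show ip nbar protocol-discovery interface Tunnel0 stats byte-count top-n 10
! show ip nbar version                      <- which protocol pack is loaded
```

Both the ACL counters and protocol discovery add load on the forwarding path, so enable them for the verification window and remove what you no longer need.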