01-22-2021 04:49 AM
Hi,
Here 92.168.2.100 is a LAN device, but I have not opened port 6015 on this machine.
<166>Jan 22 2021 08:59:44: %ASA-6-302015: Built outbound UDP connection 1717941741 for Outside:4.4.4.4/8888 (4.4.4.4/8888) to Inside:192.168.2.100/6015 (3.3.3.3/6015)
So how come the ASA built a connection?
Thanks
01-22-2021 05:29 AM - edited 01-22-2021 09:09 AM
...
01-22-2021 08:38 AM
Can you post the full logs of the session to understand better?
01-22-2021 08:55 AM
When a device communicates to a remote system it dynamically chooses an ephemeral port (n>1024) as the source port in the UDP flow or TCP connection. That's what you are seeing as the source port in the ASA log message.
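An added example, not part of the original thread and not Cisco code: it parses the 302015 line quoted in the question and reports which endpoint opened the flow. It assumes the ASA lists the lower-security (Outside) endpoint first and that "outbound" means the inside host initiated; `parse_302015` and the inbound sample line are constructed for illustration.

```python
import re

# Field layout of %ASA-6-302015 as it appears in the log line quoted in the question.
PATTERN = re.compile(
    r"%ASA-6-302015: Built (?P<direction>inbound|outbound) UDP connection (?P<conn_id>\d+) "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \((?P<map1>[\d.]+/\d+)\) "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/(?P<port2>\d+) \((?P<map2>[\d.]+/\d+)\)"
)

# The line from the question, and a constructed inbound line for contrast.
PAGE_LINE = ("<166>Jan 22 2021 08:59:44: %ASA-6-302015: Built outbound UDP connection "
             "1717941741 for Outside:4.4.4.4/8888 (4.4.4.4/8888) "
             "to Inside:192.168.2.100/6015 (3.3.3.3/6015)")
CONSTRUCTED_INBOUND = ("%ASA-6-302015: Built inbound UDP connection 42 "
                       "for Outside:198.51.100.7/40000 (198.51.100.7/40000) "
                       "to Inside:192.168.2.100/53 (203.0.113.5/53)")


def parse_302015(line):
    """Return direction, initiator and responder for a 302015 line, or None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    first = {"interface": m["if1"], "ip": m["ip1"],
             "port": int(m["port1"]), "mapped": m["map1"]}
    second = {"interface": m["if2"], "ip": m["ip2"],
              "port": int(m["port2"]), "mapped": m["map2"]}
    # Assumption: "outbound" = flow opened by the second (higher-security) endpoint,
    # "inbound" = flow opened by the first (lower-security) endpoint.
    if m["direction"] == "outbound":
        initiator, responder = second, first
    else:
        initiator, responder = first, second
    return {
        "direction": m["direction"],
        "conn_id": int(m["conn_id"]),
        "initiator": initiator,
        "responder": responder,
        # The reply above describes ephemeral source ports as n > 1024.
        "source_port_ephemeral": initiator["port"] > 1024,
    }


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_INBOUND):
        r = parse_302015(sample)
        print(r["direction"], "initiated by", r["initiator"]["ip"],
              "from port", r["initiator"]["port"], "->",
              r["responder"]["ip"], "port", r["responder"]["port"])
```

Read this way, 6015 in the quoted line is the source port chosen by 192.168.2.100 for traffic it sent to 4.4.4.4/8888, not a listening port on that machine.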
01-22-2021 09:55 AM - edited 01-22-2021 03:42 PM
First, I'm sorry, I was thinking that it was from inside, not from outside.
Second, which app uses this port 8888?
Let me explain what I know about issues like this.
Some applications open another port, and this port is exchanged in the first message.
For example, FTP will use one port to connect the server to the client and another port to download.
Here the outside sends a message to the inside,
and the inside sends a message with a new port.
Here the ASA inspects these messages and opens a port according to that.
The outside can now send data to the inside, and the port is opened by the ASA.
So check the app for this port, and check whether you enabled inspection on the ASA for this app.