Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
1
Replies

ASA Firewall Services

Daniel Smith
Level 1
Level 1

‎12-05-2014 04:34 AM - edited ‎03-11-2019 10:11 PM

Under the NERC CIP program, we must identify all open services on our ASA firewalls. By open services, I mean anything that the firewall might accept and terminate an IP connection for. This would not apply to connections through the firewall. Since the firewall cannot be effectively scanned with a port scanner, we have resorted to searching for the presence of commands that are known to enable services. At this time, I believe our approach is weak, and does not capture all services, or needlessly searches for config text that does not actually enable a service. I am hoping to assemble a list of all services that an ASA can offer and the commands that enable those services. Your suggestions would be great. 

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎12-05-2014 06:44 AM

Hi,

My short and simple reply to find all the ports/Services that the ASA device might reply to would be listed in both these configuration components:-

1) show asp table socket

2) NAT statement which use port forward on the Interface IP on any of the ASA device interfaces.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card