10-29-2009 03:18 AM - edited 03-11-2019 09:33 AM
Hello
Different application needs different ports to pass traffic from inside to outside with ASA placed inbetween.
Instead of allowing all ports ; how to streamline with needed ports. Struggling to get it working.
LANUSERS_____switch____ASA_____INTERNET
Access-list is applied on ASA inside interface.
IF I start a Trading application from a LAN Host which needs to connect to Trading Server on INTERNET; how do I identify which ports are needed to open on ASA??
10-29-2009 03:31 AM
access-list capture permit ip LAN_host Internet_host log
capture tcpdump access-list test interface internal
"show capture tcpdump" will show you which port LAN_host communicate with Internet host.
10-29-2009 04:02 AM
Hi
I am aware of LAN Host but not aware of Internet Host.
How to clear counter of the log as it shows already some hits
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide