
Identify Application ports

saquib.tandel
Level 7

Hi, ASA 5520 with an access-list on the INSIDE interface. There is a trading application needed by a user on the LAN where the ports are unknown and need to be opened.

How do I identify the ports? On the inside ACL, if I add permit any any, it works.

All HTTP traffic is not passing the firewall; it's via Squid.

Any help?

1 Reply

Ivan Martinon
Level 11

Configure a capture on the inside for this specific host that uses that trading application to the trading server, something like:

access-list capture permit ip host (client) host (server)

capture cap access-list capture interface inside

Then ask the user to try to connect to this application. After the application works, go ahead and do a "show capture cap", which will tell you which destination ports this client is looking for; then you can open those on the ACL.

Or simply take off the inside acl, ask the client to connect and do a show conn detail and check which is the destination port.
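An added example, not part of the original thread: a Python sketch that reads saved "show capture cap" output, lists the destination ports the client opens toward the server, and renders one narrow permit per port in place of permit any any. The sample capture is constructed and assumes the usual tcpdump-like line layout; the IP addresses and the ACL name INSIDE_IN are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the tcpdump-like layout of ASA "show capture" output
# (assumed: "<n>: <time> <src-ip>.<port> > <dst-ip>.<port>: <flags or udp>").
SAMPLE = """\
   1: 10:15:32.101 192.168.1.10.51234 > 203.0.113.5.8443: S 100:100(0) win 65535 <mss 1460>
   2: 10:15:32.130 203.0.113.5.8443 > 192.168.1.10.51234: S 900:900(0) ack 101 win 8192
   3: 10:15:32.131 192.168.1.10.51234 > 203.0.113.5.8443: . ack 901 win 65535
   4: 10:15:33.002 192.168.1.10.51240 > 203.0.113.5.9001: S 200:200(0) win 65535 <mss 1460>
   5: 10:15:33.500 192.168.1.10.51240 > 203.0.113.5.9001: S 200:200(0) win 65535 <mss 1460>
   6: 10:15:34.010 192.168.1.10.60001 > 203.0.113.5.7000:  udp 48
   7: 10:15:34.020 203.0.113.5.7000 > 192.168.1.10.60001:  udp 64
"""

LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+):\s+(.*)$")

def server_ports(capture_text, client, server):
    """Count (protocol, destination port) for flows the client initiates."""
    seen = Counter()
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header, blank or unrecognized line
        src, _sport, dst, dport, rest = m.groups()
        if (src, dst) != (client, server):
            continue  # ignore return traffic from the server
        if rest.startswith("udp"):
            seen[("udp", int(dport))] += 1
        elif rest.startswith("S") and " ack " not in rest:
            seen[("tcp", int(dport))] += 1  # initial SYN only (retries counted)
    return seen

def acl_lines(ports, client, server, acl="INSIDE_IN"):
    """Render one narrow permit per port; the ACL name is a placeholder."""
    return [f"access-list {acl} extended permit {proto} host {client} host {server} eq {port}"
            for proto, port in sorted(ports)]

if __name__ == "__main__":
    found = server_ports(SAMPLE, "192.168.1.10", "203.0.113.5")
    print("\n".join(acl_lines(found, "192.168.1.10", "203.0.113.5")))
```

A port whose SYN count is above one with no reply from the server (9001 in the sample) is one the client keeps retrying, which is what a still-blocked port looks like in the capture.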
