Need the inside address - Outside IP:port known

CharliePalmer · ‎06-07-2013

I have to determine the internal IP address based on the external IP address and tcp port number.

I am extremely new to ASA's and have been poking around unsuccessfully...

Report:

Jun 7 15:47:54 2013 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} aaa.xxx.yyy.2:30374->111.11.6.122:80

How do I find the internal IP address that the ASA translated to aaa.xxx.yyy.2 ?

Thanks!

Hardware: ASA5540-K8, 2560 MB RAM, CPU Pentium 4 2000 MHz

Cisco Adaptive Security Appliance Software Version 8.4(1)

Device Manager Version 6.4(1)

Compiled on Mon 31-Jan-11 02:11 by builders

System image file is "disk0:/asa841-k8.bin"

Julio Carvajal · ‎06-07-2013

Hello do the following

sh run | include aaa.xxx.yyy.2

Then from that output you will get the object network that is making reference to that IP address

Then:

show run nat | include TEST( object group name)

You will get the nat statement that is being used for that particular IP address, you just need to focus on the first part of the nat

nat (inside,outside) source static Object_x TEST (The object_x is the one that contains the private IP address)

show run object id Object_x

And you will have the IP address

Sounds more easy than what it looks hehe,

Post the outputs of the commands or send me the configuration via a private message including the public IP address of xx.yyy and I will give u the answer

Regards,

Julio

Hey remember to rate all of the helpful posts, as important as a thanks (keep us motivated)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

CharliePalmer · ‎06-07-2013

Thank you Julio! PM sent.

Julio Carvajal · ‎06-07-2013

Hello,

That is correct,

You could enable Netflow or send the logging messages to a syslog servers so you always can analize them,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC