cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2394
Views
0
Helpful
0
Replies
Highlighted

nmap "all 1000 ports are FILTERED" result vary based on which ASA interface blocks?

Hello I have a question about a strange inconsistent behavior between two ASAs and I'm wondering if someone can point me in the right direction.

I have two separate firewalls one at the perimeter and one inside of my network and my nmap scanner is sitting right in between those two, on firewall1 (perimeter 5520 v8.2.5) I'm blocking on the inside interface (in), on firewall2 (5540 v.8.2.5) I'm allowing ip any through the outside interface (in) but I'm blocking on the inside interface (out).

perimeter fw1 (inside interface)<|------nmap scanner------inside fw2 (outside interface)----|>inside interface  

When I scan a class C lan off of firewall1 on which maybe no hosts at all are up I get the following:

*Nmap done: 256 IP addresses (256 hosts up) scanned in 456.61 seconds*

with a detailed list of each hosts that was found "up" like this:

*Nmap scan report for 10.10.12.6
Host is up (0.0064s latency).
All 1000 scanned ports on 10.10.12.6 are filtered*

When I scan a class C lan off of firewall2 I don't get the *host filtered* message above for the hosts that aren't there/filtered, I only get output for the ones that are up.

At the end of the output I get this:
Nmap done: 256 IP addresses (18 hosts up) scanned in 13.02 seconds

I'm wondering if this is due to the fact that the outside interface of firewall2 is permitting traffic whereas the inside interface blocks. And if that's the case, why filtering on the inside interface doesn't produce a "FILTERED" message on the nmap scanner?

TIA.