03-31-2009 01:02 PM - edited 03-11-2019 08:13 AM
I have several ports showing open on our ASA appliance when scanned by NMAP on the outside interface. However these ports are not configured open in the ACL that faces outside guarding against inbound traffic.
The ports are 988, 993.
Has anyone seen this behavior before?
I tried putting up deny any any 988 and it still scans showing them open...
Thanks
04-06-2009 10:56 AM
Each interface must have a security level from 0 (lowest) to 100 (highest). For example, you must assign your most secure network, such as the inside host network, to level 100. While the outside network that is connected to the Internet can be level 0, other networks, such as DMZs, can be positioned in between. You can assign multiple interfaces to the same security level.
By default, all ports are blocked on the outside interface (security level 0), and all ports are open on the inside interface (security level 100) of the security appliance. In this way, all outbound traffic can pass through the security appliance without any configuration, but inbound traffic can be allowed by the configuration of the access list and static commands in the security appliance.
Note: In general, all ports are blocked from the Lower Security Zone to the Higher Security Zone, and all ports are open from the Higher Security Zone to the Lower Security Zone providing that the stateful inspection is enabled for both inbound and outbound traffic.
04-06-2009 05:31 PM
hi
It could be because of the following reason.
E-mail proxies extend remote e-mail capability to WebVPN users. When users attempt an e-mail session via e-mail proxy, the e-mail client establishes a tunnel using the SSL protocol.
The e-mail proxy protocols are as follows:
POP3S
POP3S is one of the e-mail proxies WebVPN supports. By default the Security Appliance listens to port 995, and connections are automatically allowed to port 995 or to the configured port. The POP3 proxy allows only SSL connections on that port. After the SSL tunnel establishes, the POP3 protocol starts, and then authentication occurs. POP3S is for receiving e-mail.
IMAP4S
IMAP4S is one of the e-mail proxies WebVPN supports. By default the Security Appliance listens to port 993, and connections are automatically allowed to port 993 or to the configured port. The IMAP4 proxy allows only SSL connections on that port. After the SSL tunnel establishes, the IMAP4 protocol starts, and then authentication occurs. IMAP4S is for receiving e-mail.
SMTPS
SMTPS is one of the e-mail proxies WebVPN supports. By default the Security Appliance listens to port 988, and connections are automatically allowed to port 988 or to the configured port. The SMTPS proxy allows only SSL connections on that port. After the SSL tunnel establishes, the SMTPS protocol starts, and then authentication occurs. SMTPS is for sending e-mail.
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/vpn_emai.html#wp1176567
HTH
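One way to check the explanation above against a scan, as an added example that is not from this thread: compare the ports nmap reports open on the outside interface with the destination ports the outside ACL actually permits, and map any leftover ports to the ASA's default e-mail proxy listeners (988 SMTPS, 993 IMAP4S, 995 POP3S). The nmap output and ACL lines below are constructed samples; the ACL parser assumes numeric `eq <port>` rules, so named ports (`eq https`) would need a lookup table.

```python
import re

# Default WebVPN e-mail proxy listener ports quoted from the ASA docs above.
ASA_EMAIL_PROXY_PORTS = {988: "SMTPS proxy", 993: "IMAP4S proxy", 995: "POP3S proxy"}

# Constructed sample: nmap grepable output (-oG) for the outside interface.
NMAP_GREPABLE = (
    "Host: 203.0.113.10 () Ports: 443/open/tcp//https///, "
    "988/open/tcp//unknown///, 993/open/tcp//imaps///\n"
)

# Constructed sample: outside-facing ACL from a hypothetical ASA config.
# Note the 'deny ... eq 988' line: it only affects through traffic, not a
# service the appliance itself terminates, so it does not close the port.
ACL_LINES = """\
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any host 203.0.113.10 eq 25
access-list outside_in extended deny tcp any any eq 988
access-list outside_in extended deny ip any any
"""


def nmap_open_tcp_ports(grepable):
    """Return the set of TCP ports nmap reported as open in -oG output."""
    return {int(m.group(1)) for m in re.finditer(r"(\d+)/open/tcp", grepable)}


def acl_permitted_tcp_ports(acl):
    """Return destination TCP ports explicitly permitted by numeric 'eq' rules."""
    ports = set()
    for line in acl.splitlines():
        m = re.match(r"access-list \S+ extended permit tcp .* eq (\d+)$", line.strip())
        if m:
            ports.add(int(m.group(1)))
    return ports


def classify_unexplained_ports(grepable, acl):
    """Map each open port not covered by a permit rule to a likely explanation."""
    unexplained = nmap_open_tcp_ports(grepable) - acl_permitted_tcp_ports(acl)
    return {
        p: ASA_EMAIL_PROXY_PORTS.get(p, "not a known ASA e-mail proxy default; investigate")
        for p in sorted(unexplained)
    }


if __name__ == "__main__":
    for port, why in classify_unexplained_ports(NMAP_GREPABLE, ACL_LINES).items():
        print(f"{port}/tcp open but not permitted by the outside ACL: {why}")
```

If the leftover ports line up with the proxy defaults, the fix is to disable the proxies (or restrict the interface they are enabled on) rather than adding more ACL entries.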