Reverse engineer permit ip any any

ahmad82pkn
Level 3

Hi, in many cases when we have to establish connectivity with third parties across a firewall, things don't work and we end up with permit ip any any in the ACL.

What is the best way to re-engineer a specific ACL if we want to remove permit ip any any?

Is there any software to which we can provide logs or a Wireshark capture and it can regenerate the ACL for us?

That would be great if such a tool existed.


Philip D'Ath
VIP Alumni

Send data to syslog. Wait a week. Use grep to extract all matching lines.

Both of the above are long shots. As mentioned in my question, I was hoping for some parser to which I give logs or a Wireshark capture as input and it generates the ACL for me :) I was looking for some scripts. If someone develops it, it will be the coolest tool, haha.

Sending data to syslog is one option; another option (if possible) is to SPAN the switch port connected to the ASA and view the traffic in Wireshark.

--

Please remember to select a correct answer and rate helpful posts
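The syslog-then-grep approach suggested in the replies can be taken one step further with a short script. The following is an added example, not code from the thread or from Cisco: it parses ASA %ASA-6-106100 access-list hit messages (the message the ASA emits when an ACE carries the log keyword, so the assumption is that the temporary permit ip any any rule was logging), totals the hit counts per (protocol, source, destination, destination port) flow, and renders one host-to-host ACE per flow in ASA extended ACL syntax. Flows seen fewer than a configurable number of times are emitted as commented REVIEW lines rather than live ACEs, so that a single scan or stray connection observed during the collection window does not get baked into the new policy. The log lines, the ACL name OUTSIDE_IN, the hostname fw01 and all addresses are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample syslog lines in the ASA 106100 message format (not real traffic).
# Each line records one flow that matched a logging ACE on the ACL "OUTSIDE_IN".
SAMPLE_LOG = """\
<166>Mar 10 09:01:02 fw01 %ASA-6-106100: access-list OUTSIDE_IN permitted tcp outside/203.0.113.7(51234) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x8c3e9d1b, 0x0]
<166>Mar 10 09:01:09 fw01 %ASA-6-106100: access-list OUTSIDE_IN permitted tcp outside/203.0.113.7(51240) -> inside/192.0.2.10(443) hit-cnt 4 300-second interval [0x8c3e9d1b, 0x0]
<166>Mar 10 09:02:15 fw01 %ASA-6-106100: access-list OUTSIDE_IN permitted udp outside/203.0.113.9(40001) -> inside/192.0.2.53(53) hit-cnt 12 300-second interval [0x1a2b3c4d, 0x0]
<166>Mar 10 09:03:40 fw01 %ASA-6-106100: access-list OUTSIDE_IN permitted tcp outside/198.51.100.4(60001) -> inside/192.0.2.10(22) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]
<166>Mar 10 09:04:00 fw01 %ASA-6-106100: access-list OUTSIDE_IN denied tcp outside/198.51.100.99(4444) -> inside/192.0.2.10(3389) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
"""

# Fields of a 106100 message: ACL name, action, protocol, in-interface/src(port),
# out-interface/dst(port) and the hit count reported for the interval.
LINE_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<sif>[^/\s]+)/(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# A flow is keyed on what the replacement ACE will match: protocol, source host,
# destination host, destination port. Source ports are ephemeral and ignored.
Flow = Tuple[str, str, str, str]


def parse_flows(log_text: str, acl_name: str) -> Dict[Flow, int]:
    """Return {flow: total hit count} for traffic *permitted* by acl_name.

    Denied hits are skipped: they were blocked under the old policy and should not
    be turned into permits. Lines for other ACLs or without a 106100 body are ignored.
    """
    flows: Dict[Flow, int] = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl_name or m["action"] != "permitted":
            continue
        key: Flow = (m["proto"], m["src"], m["dst"], m["dport"])
        flows[key] += int(m["hits"])
    return dict(flows)


def ace_for(flow: Flow, acl_name: str) -> str:
    """Render one ASA extended ACE for a flow; port qualifier only for tcp/udp."""
    proto, src, dst, dport = flow
    ace = f"access-list {acl_name} extended permit {proto} host {src} host {dst}"
    if proto in ("tcp", "udp"):
        ace += f" eq {dport}"
    return ace


def render_aces(flows: Dict[Flow, int], acl_name: str, min_hits: int = 2) -> List[str]:
    """Produce candidate ACEs, busiest flows first.

    Flows with fewer than min_hits hits are emitted as commented REVIEW lines so a
    one-off connection seen during the capture window is not silently permitted.
    """
    lines: List[str] = []
    for flow, hits in sorted(flows.items(), key=lambda kv: (-kv[1], kv[0])):
        ace = ace_for(flow, acl_name)
        if hits < min_hits:
            lines.append(f"! REVIEW ({hits} hit{'s' if hits != 1 else ''}): {ace}")
        else:
            lines.append(ace)
    return lines


if __name__ == "__main__":
    # Usage with the constructed sample; in practice read the exported syslog file instead.
    candidate = render_aces(parse_flows(SAMPLE_LOG, "OUTSIDE_IN"), "OUTSIDE_IN")
    print("\n".join(candidate))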
