Re: sh log in PIX

CCDECCDE9 · ‎12-16-2009

Hi

How can I see the transactions between two hosts that are trying to talk to each other over certain ports .I am trying to find out ports needed to be opened for successful connection .I have tried "sh log" but I do not see those two hosts..The following is the log config I have on this PIX-6.3(5)

logging on
logging monitor errors
logging buffered debugging
logging trap warnings
logging host inside 10.32.1.10

Thanks

Jon Marshall · ‎12-16-2009

CCDECCDE9 wrote:

Hi

How can I see the transactions between two hosts that are trying to talk to each other over certain ports .I am trying to find out ports needed to be opened for successful connection .I have tried "sh log" but I do not see those two hosts..The following is the log config I have on this PIX-6.3(5)

logging on
logging monitor errors
logging buffered debugging
logging trap warnings
logging host inside 10.32.1.10

Thanks

You can use "sh conn ..." to look at what current connections are going through the firewall -

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/s2_711.html#wp1113007

Jon

CCDECCDE9 · ‎12-16-2009

I think I will have to rephrase my problem....

I am trying to see if there are any denials for particular source reaching a specific destination.The problem I have is that I opened up a port 8081 between two hosts A and B I am told that hostA is not able to communicate with hostB,so I am trying to see if it is using a different port

JORGE RODRIGUEZ · ‎12-16-2009

The sh conn as Jon posted can provide that information . .

you can also try " show local-host " from cli and be able to see connections in or out from the host and on what ports.

Youc an also load asdm real time log and see the traffic while host A tries to connect to Host be or vice versa.. and be able to see that information.

Other things to check : Is the HOST listening on port 8081 actually lisening on that port, is it a udp or tcp?

Regards

Jorge Rodriguez