ASA Security

ConstanceS
Level 1

Hi Guys

Please can you assist me with this? I have had to install a Cisco ASA5520 IOS 8.2(1).

At the branch there are no servers, so I only needed to route the internal users out for internet access, and we have a cloud-based PABX for voice. I am concerned about vulnerabilities on this unit as it has an older IOS. I have run an Nmap scan against my public IP with the output below. When I run the same scan against my HO network I get the same result. Can someone please explain this output to me?

Later I will set up a site-to-site VPN. I read somewhere there is a problem with this IOS 8.2(1) and it needs to be upgraded. Please share your thoughts on this also...

Thank you in advance.

Nmap scan report for
Host is up (0.066s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
443/tcp open ssl/http Cisco ASA SSL VPN
8080/tcp open http-proxy?

1 Accepted Solution

Hello,

The ASA by default allows nothing. HTTP access is usually for management purposes. Look for an access list in your configuration that allows HTTP. SSL/VPN access needs to be configured as well, so you have full control over who can access through SSL/VPN.

In short, it looks like Nmap has confirmed that everything is closed except HTTP and SSL, which is configured manually.

Does that make sense?

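The scan output from the question, parsed in Python, as an added example that is not part of the original thread: it separates the service Nmap actually identified from the ones it only guessed (a trailing "?") and lists open ports outside an intended-exposure set. The set {443} and all function names are assumptions made for illustration.

```python
import re

# Scan output copied from the post (the target address was not included there).
SCAN = """\
Host is up (0.066s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
443/tcp open ssl/http Cisco ASA SSL VPN
8080/tcp open http-proxy?
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# Also accepts the newer "filtered tcp ports (no-response)" wording.
HIDDEN_RE = re.compile(r"^Not shown: (\d+) (\w+)(?: (?:tcp|udp))? ports")

def parse_scan(text):
    """Return (hidden, ports); hidden maps a state to its count of unlisted ports."""
    hidden, ports = {}, []
    for line in text.splitlines():
        if m := HIDDEN_RE.match(line):
            hidden[m.group(2)] = int(m.group(1))
        elif m := PORT_RE.match(line):
            port, proto, state, service, version = m.groups()
            ports.append({
                "port": int(port), "proto": proto, "state": state,
                # A trailing "?" means Nmap could not identify the service and
                # is only guessing its name from the port number.
                "service": service.rstrip("?"),
                "confirmed": not service.endswith("?"),
                "version": version.strip(),
            })
    return hidden, ports

def review(ports, intended):
    """List every open port that is not in the set the site means to expose."""
    findings = []
    for p in ports:
        if p["state"] != "open" or p["port"] in intended:
            continue
        how = "identified" if p["confirmed"] else "unidentified, name guessed"
        findings.append(f'{p["port"]}/{p["proto"]} open ({p["service"]}, {how})')
    return findings

if __name__ == "__main__":
    hidden, ports = parse_scan(SCAN)
    print("filtered (probes blocked by packet filtering):", hidden.get("filtered", 0))
    # Assumption: only the SSL VPN listener on 443 is meant to face the internet.
    for finding in review(ports, intended={443}):
        print("check config:", finding)
```

Each port it reports is one to trace back to a specific line in the ASA configuration, as the reply above suggests.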

2 Replies

Hi George

Thank you for the reply,
I understand totally, any thoughts on this...
"Later I will set up a site-to-site VPN. I read somewhere there is a problem with this IOS 8.2(1) and it needs to be upgraded. Please share your thoughts on this also..."

Regards