Skip to main content

Identify Ports being accessed

More
17 years 1 month ago #23274 by jrecto
We have a cisco ASA 5505. Occasionally, we have clients that come to our facility and VPN into their company. Some times the VPN client they are using requires a certain port open they we do not have open.

Is there a way to look at the logs and determine what port their VPN client is trying to use?

If so, how would I identify it?

Thanks,
Jasper
More
17 years 1 month ago #23275 by Chris
Jrecto,

The best way to view all message and ensure you don't miss anything would be to run a syslog server on your pc and configure the ASA firewall to log all messages to your syslog server while you have your clients try to connect to their VPN.

You can enable debugging and configure your syslog server by using the following configuration:

logging enable
logging trap informational
logging asdm informational
logging host inside 192.168.0.90

Where 192.168.0.90 is the ip address of your INTERNAL workstation.

If you need a syslog server, grab the 3com deamon program we've got in out ftp/tftp download section, its got a built-in syslog server that works wonderful !

Hope that helps.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
17 years 1 month ago #23278 by skepticals
Chris,

I wanted to setup a Syslog server for awhile now, but have not taken the time to do so. Thanks for the information!

Are there any other free syslog servers that you have used? Or, is the one you mentioned the best?
More
17 years 1 month ago #23279 by Smurf
Kiwi is another one that i have used. We are now using SolarWinds Orion to monitor our network SNMP/Pings, this has a built in SYSLOG server so i am now using that.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
17 years 1 month ago #23282 by skepticals
Thanks to Chris and Smurf! Kiwi is installed and receiving Syslog messages.

I am only logging trap informational and asdm informational. Is there any others that I should be concerned with?

Smurf, any suggestions for using Kiwi? Ways to make it easier to read, things to look for?
More
17 years 1 month ago #23283 by Smurf
Not really to be honest. The problem with SYSLOG is that its just a list of stuff. There are products out their to analys the information for you if thats what you are after.

For example, Cisco MARS will take logging information from various sources (IDS/HIDS, SYSLOG, Event Logs, etc...) and collate it all for you.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.131 seconds