Identify Ports being accessed
17 years 1 month ago #23274
by jrecto
Identify Ports being accessed was created by jrecto
We have a Cisco ASA 5505. Occasionally, we have clients that come to our facility and VPN into their company. Sometimes the VPN client they are using requires a certain port open that we do not have open.
Is there a way to look at the logs and determine what port their VPN client is trying to use?
If so, how would I identify it?
Thanks,
Jasper
17 years 1 month ago #23275
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Identify Ports being accessed
Jrecto,
The best way to view all messages and ensure you don't miss anything would be to run a syslog server on your PC and configure the ASA firewall to log all messages to your syslog server while you have your clients try to connect to their VPN.
You can enable debugging and configure your syslog server by using the following configuration:
logging enable
logging trap informational
logging asdm informational
logging host inside 192.168.0.90
Where 192.168.0.90 is the IP address of your INTERNAL workstation.
If you need a syslog server, grab the 3com daemon program we've got in our ftp/tftp download section, it's got a built-in syslog server that works wonderfully!
Hope that helps.
17 years 1 month ago #23278
by skepticals
Replied by skepticals on topic Re: Identify Ports being accessed
Chris,
I wanted to set up a Syslog server for a while now, but have not taken the time to do so. Thanks for the information!
Are there any other free syslog servers that you have used? Or, is the one you mentioned the best?
17 years 1 month ago #23279
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Identify Ports being accessed
Kiwi is another one that I have used. We are now using SolarWinds Orion to monitor our network SNMP/Pings, this has a built-in SYSLOG server so I am now using that.
17 years 1 month ago #23282
by skepticals
Replied by skepticals on topic Re: Identify Ports being accessed
Thanks to Chris and Smurf! Kiwi is installed and receiving Syslog messages.
I am only logging trap informational and asdm informational. Are there any others that I should be concerned with?
Smurf, any suggestions for using Kiwi? Ways to make it easier to read, things to look for?
17 years 1 month ago #23283
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Identify Ports being accessed
Not really to be honest. The problem with SYSLOG is that it's just a list of stuff. There are products out there to analyse the information for you if that's what you are after.
For example, Cisco MARS will take logging information from various sources (IDS/HIDS, SYSLOG, Event Logs, etc...) and collate it all for you.
Cheers
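Added example (not part of any post in this thread): a small Python script that answers the original question from the collected syslog by tallying, for one client IP, which destination protocols and ports the ASA denied or built. The sample lines are constructed in the shape of ASA messages 106023 and 302013/302015, and the regexes, the ACL name and all addresses are assumptions to check against your own log output.

```python
import re
from collections import Counter

# Constructed sample lines shaped like ASA syslog messages 106023 (denied
# by ACL) and 302013/302015 (connection built). Addresses are
# documentation ranges and the ACL name is hypothetical.
SAMPLE = """\
Mar 01 10:00:01 192.168.0.1 %ASA-6-302015: Built outbound UDP connection 101 for outside:203.0.113.10/500 (203.0.113.10/500) to inside:192.168.0.55/500 (198.51.100.2/500)
Mar 01 10:00:02 192.168.0.1 %ASA-4-106023: Deny udp src inside:192.168.0.55/4500 dst outside:203.0.113.10/4500 by access-group "inside_access_in" [0x0, 0x0]
Mar 01 10:00:03 192.168.0.1 %ASA-4-106023: Deny udp src inside:192.168.0.55/4500 dst outside:203.0.113.10/4500 by access-group "inside_access_in" [0x0, 0x0]
Mar 01 10:00:04 192.168.0.1 %ASA-4-106023: Deny protocol 50 src inside:192.168.0.55 dst outside:203.0.113.10 by access-group "inside_access_in" [0x0, 0x0]
Mar 01 10:00:05 192.168.0.1 %ASA-4-106023: Deny tcp src inside:192.168.0.77/51000 dst outside:203.0.113.99/25 by access-group "inside_access_in" [0x0, 0x0]
"""

# Denied by an access-group; port-less protocols (e.g. ESP = protocol 50)
# appear as "protocol N" with no /port after the addresses.
DENY = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>protocol \d+|\S+) "
    r"src \S+?:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst \S+?:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?")
# Permitted outbound TCP/UDP: the "for" side is the remote host, the "to"
# side is the inside client.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built outbound (?P<proto>TCP|UDP) connection \d+ "
    r"for \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) \(\S+\) "
    r"to \S+?:(?P<src>[\d.]+)/\d+")


def ports_for_client(log_text, client_ip):
    """Tally (action, protocol, dest port) for traffic sourced from client_ip."""
    seen = Counter()
    for line in log_text.splitlines():
        for action, rx in (("deny", DENY), ("built", BUILT)):
            m = rx.search(line)
            if m and m["src"] == client_ip:
                # Port is None when the protocol carries no port number
                port = int(m["dport"]) if m["dport"] else None
                seen[(action, m["proto"].lower(), port)] += 1
    return seen


if __name__ == "__main__":
    tally = ports_for_client(SAMPLE, "192.168.0.55")
    for (action, proto, port), n in tally.most_common():
        print(f"{action:5} {proto:12} dport={port} count={n}")
```

The "deny" rows are the protocols and ports the visiting client needs that the firewall is currently blocking; a port-less entry such as protocol 50 would need a protocol rule rather than a port rule.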