I had run a packet capture on an ASA to see if I could find the traffic that was being reported as dropped packets. The IT staff had told me that the application, the one being blocked, was going out on a particular port. However, when I didn't see that traffic coming in on that port, I did another packet capture to the destination IP address. This proved that the traffic was going out on port 25 instead. See the highlighted output below. Set up your ACL to match what you are looking for, and apply it where you need to.
asa(config)# sh capture capin
18 packets captured
1: 07:56:52.065853 3.3.3.3.44986 > 120.120.120.120.25: S 1199789812:1199789812(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
2: 07:56:52.098246 3.3.3.3.44986 > 120.120.120.120.25: . ack 99226430 win 258
3: 07:56:52.134026 3.3.3.3.44986 > 120.120.120.120.25: P 1199789813:1199789827(14) ack 99226483 win 258
4: 07:56:52.172629 3.3.3.3.44986 > 120.120.120.120.25: P 1199789827:1199789833(6) ack 99226652 win 257
5: 07:56:52.172979 3.3.3.3.44986 > 120.120.120.120.25: F 1199789833:1199789833(0) ack 99226652 win 257
...
18 packets shown
asa(config)#
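As an added example (not code from the original post), here is a small Python parser for the ASA `show capture` TCP lines above that tallies destination ports per target host, doing programmatically the check described in the post. The sample input is the capture output shown above; the "expected" port 587 is an assumed placeholder standing in for whatever port the application owner claimed.

```python
import re
from collections import defaultdict

# One TCP line of ASA "show capture" output looks like:
#   "<n>: <hh:mm:ss.usec> <src ip>.<sport> > <dst ip>.<dport>: <flags> ..."
# Since IPv4 addresses are dot-separated, the port is anchored as the last dotted field.
LINE_RE = re.compile(
    r"^\s*(?P<num>\d+):\s+(?P<ts>[\d:.]+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>[SPFR.]+)"
)

def parse_capture(text):
    """Return one dict per parsed packet; header lines, the '...' marker and prompts are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        packets.append({
            "num": int(m["num"]), "ts": m["ts"],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "syn": "S" in m["flags"],  # SYN marks a new connection attempt
        })
    return packets

def ports_to_host(packets, dst_ip):
    """Count packets and new connections (SYNs) per destination port toward dst_ip."""
    summary = defaultdict(lambda: {"packets": 0, "syn": 0})
    for p in packets:
        if p["dst"] == dst_ip:
            summary[p["dport"]]["packets"] += 1
            if p["syn"]:
                summary[p["dport"]]["syn"] += 1
    return dict(summary)

def check_expected_port(packets, dst_ip, expected_port):
    """Report whether traffic to dst_ip actually uses the port the application owner claimed."""
    seen = ports_to_host(packets, dst_ip)
    return {"expected_port_seen": expected_port in seen, "ports_actually_used": sorted(seen)}

# Constructed sample input: the capture lines from the post above.
SAMPLE = """asa(config)# sh capture capin
18 packets captured
1: 07:56:52.065853 3.3.3.3.44986 > 120.120.120.120.25: S 1199789812:1199789812(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
2: 07:56:52.098246 3.3.3.3.44986 > 120.120.120.120.25: . ack 99226430 win 258
3: 07:56:52.134026 3.3.3.3.44986 > 120.120.120.120.25: P 1199789813:1199789827(14) ack 99226483 win 258
4: 07:56:52.172629 3.3.3.3.44986 > 120.120.120.120.25: P 1199789827:1199789833(6) ack 99226652 win 257
5: 07:56:52.172979 3.3.3.3.44986 > 120.120.120.120.25: F 1199789833:1199789833(0) ack 99226652 win 257
...
18 packets shown
asa(config)#"""

if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    print(check_expected_port(pkts, "120.120.120.120", 587))  # 587 is an assumed placeholder
```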