Cisco ASA - finding out what ports are being used on LAN

So I have a Cisco ASA5510. I have ACLs applied to my outbound interface for all my static NATs, but on my inside interface it's ip any any. I want to start to lock this down by port. What is the best way to find out what ports are currently being used on the internal network?
Typically, the ports that are on the inside have a security level of 100.  That may begin to help you.  The ports in the DMZ may have 50 and external ports are 0.
There might be better ways that someone else will advise of but "show ip nat translation" might give you a start in seeing what ports are in use at a given time.

You could also potentially set up a Netflow analyser which should give you this info and further information in the longer term? (ManageEngine do a free version and the 5510 looks like Netflow should be available with the right OS version -
Through the ASDM, select Monitoring at the top and then, on the left-hand side at the bottom, select Logging. Ensure that the logging level is set to debugging and select the View... button.

This will pop up a window and show you when traffic is blocked and allowed by your firewall rules. (Yellow entries are typically the ones that are blocked.)

You can then investigate the yellow entries and figure out what port is being blocked; after assessing whether the inside IP should be talking to the internet on that port, you can create a rule based on that information.
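The answer above does the port inventory by eye in the ASDM log viewer. The same logs can be exported to a syslog server and tallied programmatically; the script below is an added example (not from any of the posters, and not Cisco code) that parses standard ASA connection-built (%ASA-6-302013/302015) and ACL-deny (%ASA-4-106023) messages, counts the destination protocol/port pairs seen from the inside interface, and prints a starting `access-list` for the inside interface from the allowed set. The log lines are constructed samples in the documented ASA message format; the interface name `inside` and the ACL name `inside_access_in` are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the original post). Formats follow
# the documented ASA 302013/302015 "Built ... connection" and 106023 "Deny" messages.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.168.1.10/51234 (198.51.100.2/51234)
%ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.7/80 (203.0.113.7/80) to inside:192.168.1.11/51235 (198.51.100.2/51235)
%ASA-6-302015: Built outbound UDP connection 1003 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.10/40000 (198.51.100.2/40000)
%ASA-6-302013: Built outbound TCP connection 1004 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.168.1.12/51236 (198.51.100.2/51236)
%ASA-4-106023: Deny tcp src inside:192.168.1.20/52000 dst outside:203.0.113.9/25 by access-group "inside_access_in" [0x0, 0x0]
%ASA-6-302013: Built inbound TCP connection 1005 for outside:203.0.113.50/60000 (203.0.113.50/60000) to inside:192.168.1.100/443 (198.51.100.10/443)
"""

# "Built" messages: for outbound connections the "for" side is the server on the
# lower-security interface and the "to" side is the inside client; inbound is reversed.
BUILT_RE = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<if1>\w+):(?P<ip1>[\d.]+)/(?P<port1>\d+) \([^)]*\) "
    r"to (?P<if2>\w+):(?P<ip2>[\d.]+)/(?P<port2>\d+)"
)
# "Deny" messages from an access-group: src is the client, dst is the server.
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>tcp|udp) src (?P<sif>\w+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)


def parse_asa_line(line):
    """Return a normalized record (action, proto, src_if, dst_if, dst_port) or None."""
    m = BUILT_RE.search(line)
    if m:
        if m["dir"] == "outbound":
            src_if, dst_if, dst_port = m["if2"], m["if1"], int(m["port1"])
        else:
            src_if, dst_if, dst_port = m["if1"], m["if2"], int(m["port2"])
        return {"action": "allowed", "proto": m["proto"].lower(),
                "src_if": src_if, "dst_if": dst_if, "dst_port": dst_port}
    m = DENY_RE.search(line)
    if m:
        return {"action": "denied", "proto": m["proto"], "src_if": m["sif"],
                "dst_if": m["dif"], "dst_port": int(m["dport"])}
    return None  # not a connection-built or ACL-deny message


def outbound_port_usage(log_text, inside_if="inside"):
    """Count (proto, dst_port) pairs for flows sourced on the inside interface,
    split into those the firewall allowed and those its ACL denied."""
    usage = {"allowed": Counter(), "denied": Counter()}
    for line in log_text.splitlines():
        rec = parse_asa_line(line)
        if rec and rec["src_if"] == inside_if:
            usage[rec["action"]][(rec["proto"], rec["dst_port"])] += 1
    return usage


def suggest_acl(allowed, acl_name):
    """Build a starting ACL: one permit per observed port (busiest first),
    then an explicit deny with logging so anything new still shows up in syslog."""
    lines = []
    for (proto, port), _count in sorted(allowed.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append(f"access-list {acl_name} extended permit {proto} any any eq {port}")
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines


if __name__ == "__main__":
    usage = outbound_port_usage(SAMPLE_LOG)
    print("Allowed from inside:", dict(usage["allowed"]))
    print("Denied from inside: ", dict(usage["denied"]))
    print("\n".join(suggest_acl(usage["allowed"], "inside_access_in")))
```

Feed it a real export covering at least a full business cycle before trusting the permit list; traffic that only runs monthly will otherwise land in the deny-and-log line, which is where the "scream test" suggested below will surface it.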
Scream test. Make a rule to let 80/443 outbound and stop everything else. Wait and see who screams when something is broken.