
Port Connections on the ASA

The diagnostic tests on the content filtering module showed 183 nodes identified, but there are around 800 nodes on the network during peak hours, exceeding the current license for 500 users. Traffic logs for ports 80, 443, and UDP show filtering is bypassed when the module surpasses licensed users. An upgrade to 1000 users is needed to fully filter traffic like Facebook and YouTube as requested by the client.

Uploaded by

Angel Muñoz
Diagnosis and Testing of the CSC SSM Content Filtering Module

Prepared by:

Ildefonso Valenzuela Diaz

Customer Network Engineering
South Division

Characteristics and Serial Number

CLI
FW01MBJ-70196055# sh module 1 det
Getting details from the Service Module, please wait...

Card Type: ASA_5500_Series_Content_Security_Services_Module-10


Model: ASA-SSM-CSC-10-K9
Hardware version: 1.0
Serial Number: JAF112701CD
Firmware version: 1.0(11)2
Software version: CSC SSM 6.6.1125.0
MAC Address Range: 001b.d454.e35e to 001b.d454.e35e
App. name: CSC SSM
App. Status: Up
App. Status Desc: CSC SSM scan services are available
App. version: 6.6.1125.0
Data plane Status: Up
Status: Up
HTTP Service: Up
HTTPS Service: Up
Mail Service: Up
FTP Service: Up
Activated: Yes
Mgmt IP addr: 10.254.254.30
Mgmt web port: 8443
Peer IP addr: <not enabled>
FW01MBJ-70196055#

GUI

Detail of Nodes Identified by the Module


FW01MBJ-70196055# sh csc node-count
Current node count is 183

Port Monitoring

TCP Port 443


FW01MBJ-70196055# sh conn port 443 protocol tcp detail
1498 in use, 10049 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside, b - TCP state-bypass or nailed, C - CTIQBE media,
D - DNS, d - dump, E - outside back connection, F - outside FIN, f - inside FIN,
G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
k - Skinny media, M - SMTP data, m - SIP media, n - GUP
O - outbound data, P - inside back connection, p - Phone-proxy TFTP connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T - SIP, t - SIP transient, U - up,
V - VPN orphan, W - WAAS,
X - inspected by service module
TCP outside:157.56.98.90/443 inside:10.10.51.52/58466,
flags UIO, idle 2m30s, uptime 22m31s, timeout 1h0m, bytes 7692
TCP outside:69.171.248.65/443 inside:10.10.39.42/57568,
flags UFIO, idle 26m59s, uptime 46m14s, timeout 1h0m, bytes 5901
TCP outside:69.171.248.65/443 inside:10.10.36.52/51790,
flags UIO, idle 3m17s, uptime 58m43s, timeout 1h0m, bytes 7220
TCP outside:69.171.248.65/443 inside:10.10.48.172/10018,
flags UFIO, idle 54m53s, uptime 1h2m, timeout 1h0m, bytes 2054
TCP outside:69.171.248.65/443 inside:10.10.51.120/60902,
flags UIO, idle 6m37s, uptime 1h52m, timeout 1h0m, bytes 12159
TCP outside:69.171.248.65/443 inside:10.10.51.120/44161,
flags UFIO, idle 3m38s, uptime 1h52m, timeout 1h0m, bytes 5024
TCP outside:69.171.248.65/443 inside:10.10.49.64/40467,
flags UFIO, idle 39m56s, uptime 2h6m, timeout 1h0m, bytes 6404
TCP outside:74.125.227.223/443 inside:10.10.77.18/1229,
flags UFRIOX, idle 12s, uptime 50s, timeout 10m0s, bytes 4636
TCP outside:74.125.227.223/443 inside:10.10.55.5/53945,

TCP Port 80

FW01MBJ-70196055# sh conn port 80


2119 in use, 10049 most used
TCP servers 10.10.34.2:80 inside 10.10.48.74:3565, idle 0:00:02, bytes 2482, flags UIO
TCP servers 10.10.34.2:80 inside 10.10.48.129:2352, idle 0:00:03, bytes 2487, flags UIO
TCP servers 10.10.34.2:80 inside 10.10.48.52:2143, idle 0:00:12, bytes 11146, flags UIO
TCP servers 10.10.34.2:80 inside 10.10.48.31:1418, idle 0:00:13, bytes 518476, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59243, idle 0:00:17, bytes 1810, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59242, idle 0:00:17, bytes 13955, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59241, idle 0:00:17, bytes 1797, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59240, idle 0:00:17, bytes 1804, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59239, idle 0:00:17, bytes 895, flags UIO
TCP servers 10.10.34.28:80 inside 10.10.77.90:59198, idle 0:00:17, bytes 22786, flags UIO
TCP outside 74.125.227.151:80 inside 10.10.38.7:51069, idle 0:00:31, bytes 2320, flags UIO
TCP outside 74.125.227.223:80 inside 10.10.35.26:58884, idle 0:00:40, bytes 1930, flags UIO
TCP outside 198.143.128.243:80 inside 10.10.64.2:54903, idle 0:00:13, bytes 0, flags U
TCP outside 198.143.128.243:80 inside 10.10.64.2:54902, idle 0:00:13, bytes 0, flags U
TCP outside 69.192.114.16:80 inside 10.10.40.14:52713, idle 0:57:09, bytes 6737, flags UFIOX
TCP outside 69.192.114.16:80 inside 10.10.40.22:50468, idle 0:58:01, bytes 2860, flags UFIOX
TCP outside 74.125.227.202:80 inside 10.10.48.195:1214, idle 0:00:30, bytes 32080, flags UIO
TCP outside 74.125.227.202:80 inside 10.10.48.195:1211, idle 0:00:30, bytes 78670, flags UIO
TCP outside 74.125.227.202:80 inside 10.10.51.17:60693, idle 0:00:44, bytes 19585, flags UIO
TCP outside 74.125.227.202:80 inside 10.10.51.17:60632, idle 0:00:44, bytes 85779, flags UIO
TCP outside 74.125.227.202:80 inside 10.10.51.17:60625, idle 0:00:00, bytes 5784, flags UIO
TCP outside 74.125.227.202:80 inside 10.10.51.17:60624, idle 0:00:00, bytes 5772, flags UIO
TCP outside 23.54.235.27:80 inside 10.10.36.60:61290, idle 0:00:37, bytes 2547, flags UIO
TCP outside 23.54.235.27:80 inside 10.10.35.26:58940, idle 0:00:38, bytes 2550, flags UIO
TCP outside 23.54.235.27:80 inside 10.10.40.5:49309, idle 0:08:39, bytes 2475, flags UFRIO

UDP Protocol

FW01MBJ-70196055# sh conn protocol udp


2228 in use, 10049 most used
UDP outside 192.168.20.106:10206 inside 10.10.66.27:56058, idle 0:01:19, bytes 614384, flags -
UDP outside 192.168.20.106:10207 inside 10.10.66.27:56059, idle 0:01:19, bytes 2400, flags H
UDP outside 192.168.25.103:55657 inside 10.10.66.27:56059, idle 0:02:18, bytes 1176, flags H
UDP outside 192.168.20.106:10206 inside 10.10.66.3:25628, idle 0:01:56, bytes 66564, flags -
UDP outside 192.168.20.106:10207 inside 10.10.66.3:25629, idle 0:01:56, bytes 292, flags H
UDP outside 192.168.25.103:55657 inside 10.10.66.3:25533, idle 0:02:40, bytes 316, flags H
UDP servers 10.10.34.28:61681 inside 10.10.77.75:57739, idle 0:00:00, bytes 1420803, flags -
UDP inside 10.2.1.70:161 inside 10.10.53.34:59136, idle 0:00:16, bytes 2727504, flags -
UDP outside 177.177.231.157:22199 inside 10.10.49.24:48286, idle 0:00:49, bytes 57, flags -
UDP outside 79.214.147.39:27026 inside 10.10.49.24:48286, idle 0:01:23, bytes 57, flags -
UDP outside 201.243.141.251:31882 inside 10.10.53.35:12721, idle 0:01:52, bytes 57, flags -
UDP outside 192.168.1.252:161 inside 10.10.62.22:61127, idle 0:00:06, bytes 42666, flags -
UDP outside 192.168.1.252:161 inside 10.10.36.60:49160, idle 0:00:00, bytes 1383494, flags -
UDP outside 189.250.57.15:12839 inside 10.10.53.35:12721, idle 0:00:53, bytes 57, flags -
UDP outside 177.42.198.249:44476 inside 10.10.65.4:48566, idle 0:00:45, bytes 27, flags -
UDP outside 189.241.121.41:5535 inside 10.10.49.24:48286, idle 0:01:52, bytes 57, flags -
UDP outside 192.168.1.50:161 inside 10.10.51.121:49152, idle 0:00:35, bytes 14017, flags -
UDP outside 186.28.194.250:22036 inside 10.10.53.35:12721, idle 0:01:45, bytes 103, flags -
UDP outside 190.134.161.124:15738 inside 10.10.49.24:48286, idle 0:01:02, bytes 57, flags -
UDP outside 201.254.91.192:10072 inside 10.10.53.35:12721, idle 0:00:56, bytes 57, flags -
UDP outside 190.194.15.169:36159 inside 10.10.49.24:48287, idle 0:00:07, bytes 1176, flags -
UDP outside 186.133.0.55:19909 inside 10.10.65.4:48566, idle 0:01:34, bytes 57, flags -
UDP outside 192.168.0.100:161 inside 10.10.51.116:49153, idle 0:00:24, bytes 468, flags -
UDP outside 192.168.0.100:161 inside 10.10.51.121:49152, idle 0:00:35, bytes 13552, flags -

Policy Configuration Detail for Filtering Traffic Through the Module

policy-map csc-inside
 class cancun
  csc fail-open

policy-map csc-outside
 class class-default
  csc fail-open

service-policy csc-outside interface outside
service-policy csc-inside interface inside
Web Monitoring Summary (HTTP/HTTPS)

Licensing Summary

General Summary
The diagnosis and connectivity tests show the nodes (183) identified by the module after restarting the ASA and the module respectively. These are not all the nodes present during business hours, since around 800 network nodes were identified, which exceeds the current licensing of 500 users or nodes; this is shown in the corresponding attached slide, and the client confirms having more than 600 users on its network.

It is observed that when the module exceeds the number of nodes, it stops filtering HTTP and HTTPS traffic, in particular Facebook and YouTube, as configured and requested by the client. This does not happen when the module has just been started outside business hours; during business hours the module reaches the number of users very quickly and therefore lets through the traffic it was previously configured to filter.

Additionally, slides are attached showing traffic during business hours; this is traffic that reaches the module and can be seen to be scanned, with the limitations mentioned above.
The active licenses and the module's serial number are attached in order to try to obtain a license upgrade to 1000 users and be able to demonstrate to the client the solution to the reported fault.
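
Added example (not part of the original report): a Python script that parses both `sh conn` layouts shown above and counts TCP 80/443 connections toward `outside` that lack the X flag (inspected by service module), alongside the distinct inside hosts compared with the 500-node license. It assumes every such connection is expected to be redirected to the CSC module and uses distinct inside IPs only as a rough stand-in for the module's own node count; the function names are hypothetical.

```python
import re

# Lines copied from the `sh conn` listings in this report, in both layouts.
SAMPLE = """\
1498 in use, 10049 most used
TCP outside:69.171.248.65/443 inside:10.10.39.42/57568,
flags UFIO, idle 26m59s, uptime 46m14s, timeout 1h0m, bytes 5901
TCP outside:74.125.227.223/443 inside:10.10.77.18/1229,
flags UFRIOX, idle 12s, uptime 50s, timeout 10m0s, bytes 4636
TCP outside 74.125.227.202:80 inside 10.10.51.17:60693, idle 0:00:44, bytes 19585, flags UIO
TCP outside 69.192.114.16:80 inside 10.10.40.14:52713, idle 0:57:09, bytes 6737, flags UFIOX
TCP servers 10.10.34.2:80 inside 10.10.48.74:3565, idle 0:00:02, bytes 2482, flags UIO
UDP outside 192.168.1.252:161 inside 10.10.62.22:61127, idle 0:00:06, bytes 42666, flags -
TCP outside:74.125.227.223/443 inside:10.10.55.5/53945,
"""

# Groups: proto, peer interface, peer ip, peer port, local interface, local ip, local port, flags
CONN = re.compile(r"^(TCP|UDP) (\w+)[: ]([\d.]+)[:/](\d+) (\w+)[: ]([\d.]+)[:/](\d+),"
                  r".*?\bflags ([A-Za-z-]+)")

def parse_conns(text):
    """Return one dict per complete connection entry; truncated entries are skipped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("flags ") and entries:
            entries[-1] += " " + line   # 'detail' layout wraps the flags onto a second line
        elif line:
            entries.append(line)
    keys = ("proto", "peer_if", "peer_ip", "peer_port",
            "local_if", "local_ip", "local_port", "flags")
    return [dict(zip(keys, m.groups())) for m in map(CONN.match, entries) if m]

def csc_coverage(text, web_ports=(80, 443), licensed_nodes=500):
    """Summarise web connections toward 'outside' that lack the X flag."""
    conns = parse_conns(text)
    hosts = {c["local_ip"] for c in conns if c["local_if"] == "inside"}
    web = [c for c in conns if c["proto"] == "TCP" and c["peer_if"] == "outside"
           and int(c["peer_port"]) in web_ports]
    missed = [c for c in web if "X" not in c["flags"]]   # X = inspected by service module
    return {"inside_hosts": len(hosts), "over_license": len(hosts) > licensed_nodes,
            "web_conns": len(web), "uninspected": len(missed),
            "uninspected_clients": sorted({c["local_ip"] for c in missed})}

if __name__ == "__main__":
    print(csc_coverage(SAMPLE))
```

Run against a full capture taken during business hours, a high `uninspected` count next to an `inside_hosts` figure above the license gives the same picture the summary describes.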
