Cisco Pre-defined Access-list Port Number - NETSEC


Cybersecurity Memo

Monday, December 19, 2011

Cisco Pre-defined Access-list Port Number

I am working on a PIX/ASA migration to Juniper SRX. Some of the port naming conventions Cisco uses are different from JunOS. I found the following list, which maps port numbers to Cisco's naming convention, on a Cisco 2901 router running "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M4":
Router(config)#access-list 101 permit tcp any any  eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  drip         Dynamic Routing Information Protocol (3949)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)


On the ASA, there are some new port names which do not show up in the previous router's settings.
ASA/act/pri(config)# access-list 10 permit tcp any any eq ?
configure mode commands/options:
  <1-65535>        Enter port number (1 - 65535)
  aol              
  bgp              
  chargen          
  cifs             
  citrix-ica       
  cmd              
  ctiqbe           
  daytime          
  discard          
  domain           
  echo             
  exec             
  finger           
  ftp              
  ftp-data         
  gopher           
  h323             
  hostname         
  http             
  https            
  ident            
  imap4            
  irc              
  kerberos         
  klogin           
  kshell           
  ldap             
  ldaps            
  login            
  lotusnotes       
  lpd              
  netbios-ssn      
  nfs              
  nntp             
  pcanywhere-data  
  pim-auto-rp      
  pop2             
  pop3             
  pptp             
  rsh              
  rtsp             
  sip              
  smtp             
  sqlnet           
  ssh              
  sunrpc           
  tacacs           
  talk             
  telnet           
  uucp             
  whois            
  www        

Actually, through ASDM, there is a lot more detail for those pre-defined port names.
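An added example, not part of the original post: a small Python translator that rewrites named TCP ports in IOS access-list lines to numbers using the IOS keyword table listed above, so the rules can be carried to a platform with different names. It reports keywords it cannot resolve (such as ASA-only names, whose numbers the CLI help above does not show) instead of guessing. The function name, the sample ACL lines and the one-port-per-`eq` handling are assumptions made for illustration.

```python
# TCP port keywords and numbers as shown by "eq ?" on IOS 15.0(1)M4 (from the post).
IOS_TCP_PORTS = {
    "bgp": 179, "chargen": 19, "cmd": 514, "daytime": 13, "discard": 9,
    "domain": 53, "drip": 3949, "echo": 7, "exec": 512, "finger": 79,
    "ftp": 21, "ftp-data": 20, "gopher": 70, "hostname": 101, "ident": 113,
    "irc": 194, "klogin": 543, "kshell": 544, "login": 513, "lpd": 515,
    "nntp": 119, "pim-auto-rp": 496, "pop2": 109, "pop3": 110, "smtp": 25,
    "sunrpc": 111, "tacacs": 49, "talk": 517, "telnet": 23, "time": 37,
    "uucp": 540, "whois": 43, "www": 80,
}

# Port operators and how many port arguments each takes (assumed: one port per eq).
OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


def numeric_ports(acl_line, table=IOS_TCP_PORTS):
    """Return (rewritten_line, unresolved_names) for one TCP access-list line."""
    tokens = acl_line.split()
    if "tcp" not in tokens:
        raise ValueError("table covers TCP keywords only")
    unresolved = []
    i = 0
    while i < len(tokens):
        nargs = OPERATORS.get(tokens[i], 0)
        for j in range(i + 1, min(i + 1 + nargs, len(tokens))):
            name = tokens[j]
            if name.isdigit():
                continue  # already numeric, keep as written
            if name in table:
                tokens[j] = str(table[name])
            else:
                unresolved.append(name)  # fail closed: never guess a port
        i += 1 + nargs
    return " ".join(tokens), unresolved


SAMPLE_ACL = [  # constructed sample lines, not taken from a real device
    "access-list 101 permit tcp any any eq www",
    "access-list 101 permit tcp any host 192.0.2.10 range ftp-data ftp",
    "access-list 101 permit tcp any any eq https",  # keyword absent from the IOS list
]

if __name__ == "__main__":
    for line in SAMPLE_ACL:
        new, missing = numeric_ports(line)
        print(("REVIEW " + ",".join(missing)) if missing else "OK", "|", new)
```

Lines flagged `REVIEW` need a manual lookup before they go into the new policy, because a wrongly mapped keyword permits a different service than the original rule did.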






   
