topic Hi there in Network Security

ASA Logging

Alan Douglas — Tue, 12 Mar 2019 09:29:20 GMT

Hi all

I'm having issues with the logging configuration on cisco ASA's, the asa's will log blocked traffic to the asdm console and systelog but it seems to deplend on the incoming ports.

It is logging at level 4, which looks like it should log blocked IP however its skipping traffic.

It logs icmp, 22 80 but non unknown ports link 10000 or 7000.

Id like to see all of the blocked traffic for debug reasons, how to I get the logging to show all blocks.

Thank in advance.

Incoming traffic to a non

Marvin Rhoads — Sun, 11 Jun 2017 17:33:18 GMT

Incoming traffic to a non-listening port would be exepcted to be dropped silently.

I've not tried it but if you were to put in a final ACL entry with the "control-plane" and 'log" options you might get those events as syslog events.

Why would you want to?

Hi there

Alan Douglas — Mon, 12 Jun 2017 07:34:09 GMT

Hi there

Basically an external company wants a port forward to another system, SIP based, I've done the port changes they asked, it works when i test the rules with some other IP but the other vendor insist I haven't as it doesn't work.

But I cant see the traffic hitting the ports for the logs so it hard to prove that the traffic is hitting the ASA at all.

If I can get the logging log everything, I'm hoping it will tell me where the traffic is actually doing.

OK - that makes sense. You

Marvin Rhoads — Mon, 12 Jun 2017 14:25:13 GMT

OK - that makes sense. You can also run a packet capture on the ASA for the traffic in question and review that. You can filter the capture with the usual 5-tuple (protocol, source/dest addresses and ports) as well as interface. You can capture on both input and output interfaces.

I always find the actual bits on the wire as a good way to end such arguments about whether or not certain traffic is arriiving as expected. 🙂