https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508544#M528136 <HTML><HEAD></HEAD><BODY><P>Ok, thanks for your help. the behavior is the following one:</P><P></P><P>this is the access list:</P><P>access-list 10 permit udp host 10.2.2.29 host 208.135.186.182 eq syslog</P><P></P><P>access-group 10 in interface inside</P><P></P><P>The packets are seen entering the interface inside and going out for the outside, but changes are not seen in the hits of the access list.</P><P></P><P>Regards,</P><P></P><P>R.@.M.</P></BODY></HTML> Tue, 31 Jan 2006 19:59:44 GMT marulandar 2006-01-31T19:59:44Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508542#M528133 <P>Hi.</P><P></P><P>I have teh following problem. After insert a access-list, in spite of seeing packets related to the list, these do not do " match ", that is to say, it is as if the list was not doing his work.</P><P></P><P>Which can be the cause of this behavior?</P><P></P><P>PIX Model 525</P><P>IOS 6.3(4)</P><P></P><P>Thanks.</P><P></P><P>Ramiro Marulanda Z.</P> Fri, 21 Feb 2020 08:40:54 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508542#M528133 marulandar 2020-02-21T08:40:54Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508543#M528135 <HTML><HEAD></HEAD><BODY><P>What's the syslog related to this behavior?</P><P>Also you may add the following statement to your pix config</P><P>access-group acl_name in interface your_intf</P><P>Mike</P></BODY></HTML> Mon, 30 Jan 2006 16:01:23 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508543#M528135 mpalardy 2006-01-30T16:01:23Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508544#M528136 <HTML><HEAD></HEAD><BODY><P>Ok, thanks for your help. the behavior is the following one:</P><P></P><P>this is the access list:</P><P>access-list 10 permit udp host 10.2.2.29 host 208.135.186.182 eq syslog</P><P></P><P>access-group 10 in interface inside</P><P></P><P>The packets are seen entering the interface inside and going out for the outside, but changes are not seen in the hits of the access list.</P><P></P><P>Regards,</P><P></P><P>R.@.M.</P></BODY></HTML> Tue, 31 Jan 2006 19:59:44 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508544#M528136 marulandar 2006-01-31T19:59:44Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508545#M528137 <HTML><HEAD></HEAD><BODY><P>Are all the syslogs sent correctly to the remote host? In the affirmative I'd say the udp connection is never closed by the PIX. Let's say the connection never hit the timeout in the pix config. So the connection remains open and doesnot increment the hitcount for your access-list. I have a PIX that does the same behaviour.</P><P>Also the hitcount increment is based on the connection and not on every packet passing by the PIX.</P><P>You may use a debug command to see packet going thru the PIX.</P><P>HTH</P><P>Mike </P></BODY></HTML> Tue, 31 Jan 2006 23:22:30 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508545#M528137 mpalardy 2006-01-31T23:22:30Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508546#M528138 <HTML><HEAD></HEAD><BODY><P>In my preceeding answer I forgot telling you to use this command. To help you seeing if the connection is up between hosts:</P><P></P><P>This command "show local..." will resume the "sh conn..." and "sh xlate..." commands</P><P>sh local 10.2.2.29 detail</P><P></P><P>You may also try the "show timeout" command to see what's the timeout configured on the pix for udp connections.</P><P>Mike</P></BODY></HTML> Wed, 01 Feb 2006 14:09:18 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508546#M528138 mpalardy 2006-02-01T14:09:18Z https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508547#M528139 <HTML><HEAD></HEAD><BODY><P>Hi Mike. Your help has been of great utility.</P><P></P><P>I will carry out his recommendations and I am going to observe the results.</P><P></P><P>Thanks again, and regards!</P><P></P><P>R.@.M.</P></BODY></HTML> Wed, 01 Feb 2006 16:24:25 GMT https://community.cisco.com/t5/network-security/pix-firewall-525-access-list-problem/m-p/508547#M528139 marulandar 2006-02-01T16:24:25Z