https://community.cisco.com/t5/network-security/asa-acl-log/m-p/1731017#M553515 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>That is not really the way to go, for one hand, even unstrusted traffic or traffic that can be malicious can be flowing thru that ACL, so if you set logging, you will be able to see the packets hitting there, you will think well thats normal and then set an acl to let it in... <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN> </P><P></P><P>Best approach is harden what is exactly that you need to allow to your network and narrow down the policies like that. </P><P></P><P>But in any case, if you want still going this way, put log at the end of the ACL with the permit ip any any, you will be able to see source, destinations and ports. </P><P></P><P>Mike </P></BODY></HTML> Thu, 16 Jun 2011 04:32:17 GMT Maykol Rojas 2011-06-16T04:32:17Z https://community.cisco.com/t5/network-security/asa-acl-log/m-p/1731016#M553514 <P>I am in the process of reviewing and cleaning up an inherited ASA.&nbsp; There is an ACL on a particular interface that is receiving a lot of hits because it is set to any any with protocol ip.&nbsp; I take it that is allowing all traffic .&nbsp; I would like to view the actual traffic that passes on this particular ACL so I can setup more restrictive ACLs and do away with this wide open ACL.</P> Mon, 11 Mar 2019 20:45:51 GMT https://community.cisco.com/t5/network-security/asa-acl-log/m-p/1731016#M553514 fasteddye 2019-03-11T20:45:51Z https://community.cisco.com/t5/network-security/asa-acl-log/m-p/1731017#M553515 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>That is not really the way to go, for one hand, even unstrusted traffic or traffic that can be malicious can be flowing thru that ACL, so if you set logging, you will be able to see the packets hitting there, you will think well thats normal and then set an acl to let it in... <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN> </P><P></P><P>Best approach is harden what is exactly that you need to allow to your network and narrow down the policies like that. </P><P></P><P>But in any case, if you want still going this way, put log at the end of the ACL with the permit ip any any, you will be able to see source, destinations and ports. </P><P></P><P>Mike </P></BODY></HTML> Thu, 16 Jun 2011 04:32:17 GMT https://community.cisco.com/t5/network-security/asa-acl-log/m-p/1731017#M553515 Maykol Rojas 2011-06-16T04:32:17Z