https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327735#M859163 <HTML><HEAD></HEAD><BODY><P>It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following-</P><P></P><P>access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog </P><P></P><P>Anything other than syslog will be denied.</P></BODY></HTML> Tue, 23 Jun 2009 19:16:47 GMT Collin Clark 2009-06-23T19:16:47Z https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327734#M859158 <P>Why does the firewall block the following IPs? 207.105.ttt.ttt is the outside int. of the firewall. Below the syslog mssgs is the firewall's "access-list OUTSIDE-ACL". </P><P></P><P>06-23-2009 09:33:38 Local4.Warning 192.168.1.10 Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]</P><P>06-23-2009 09:33:29 Local4.Warning 192.168.ooo.ooo Jun 23 2009 09:06:43: %ASA-4-106023: Deny tcp src outside:78.153.19.185/2427 dst outside:207.105.ttt.ttt/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]</P><P></P><P>access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog</P><P>access-list OUTSIDE-ACL extended permit icmp any any echo</P><P>access-list OUTSIDE-ACL extended permit icmp any any echo-reply</P><P>access-list OUTSIDE-ACL extended permit icmp any any unreachable</P><P>access-list OUTSIDE-ACL extended permit icmp any any time-exceeded</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq ssh</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq https</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq www</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq pop3</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy</P><P>access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any</P><P>access-list OUTSIDE-ACL extended deny tcp host 89.0.fff.eee any</P><P>access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"</P><P>access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"</P><P>access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy eq https</P> Mon, 11 Mar 2019 15:47:00 GMT https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327734#M859158 saidfrh 2019-03-11T15:47:00Z https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327735#M859163 <HTML><HEAD></HEAD><BODY><P>It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following-</P><P></P><P>access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog </P><P></P><P>Anything other than syslog will be denied.</P></BODY></HTML> Tue, 23 Jun 2009 19:16:47 GMT https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327735#M859163 Collin Clark 2009-06-23T19:16:47Z https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327736#M859168 <HTML><HEAD></HEAD><BODY><P>Since this is a stateful firewall, does access to the firewall from outside that was not initiated from the inside produce a syslog message?</P></BODY></HTML> Tue, 23 Jun 2009 19:32:11 GMT https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327736#M859168 saidfrh 2009-06-23T19:32:11Z https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327737#M859173 <HTML><HEAD></HEAD><BODY><P>You will need to set the logging level to Informational (6).</P></BODY></HTML> Tue, 23 Jun 2009 19:34:22 GMT https://community.cisco.com/t5/network-security/asa-syslog/m-p/1327737#M859173 Collin Clark 2009-06-23T19:34:22Z