cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


322
Views
0
Helpful
1
Replies
Highlighted
Beginner

Not all permitted message is followed by build in message

Hi

I have enabled acl information log in cisco ASA.Now my question is why I am not getting both 302013 & 106100 mesages for every traffic. What I believe is that I should get two traffic details for every 1st  packet hits the ACL. Built in message302013 should be followed by permitted mesaage106100 for each case. I am only getting permitted message106100.

1 REPLY 1
Cisco Employee

Not all permitted message is followed by build in message

Hi,

In regards to your query, the following log 302013 will be displayed every time a new connection is being created. If the session is already establishedo on the ASA, the log will not appear. An example of that, I was doing a radius authentication lab early today and the connection was established on the ASA already, even thou it was a new authentication request, the session was the same and no new connections were established on the ASA.

About 106100 is the same thin, is only the first TCP packet that is going to be catched, for all other packets that belong to the same session, they are not going to be logged.

Mike

Mike