Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
1
Replies

ASA ACL Log

fasteddye
Level 1
Level 1

‎06-15-2011 07:01 PM - edited ‎03-11-2019 01:45 PM

I am in the process of reviewing and cleaning up an inherited ASA.  There is an ACL on a particular interface that is receiving a lot of hits because it is set to any any with protocol ip.  I take it that is allowing all traffic .  I would like to view the actual traffic that passes on this particular ACL so I can setup more restrictive ACLs and do away with this wide open ACL.

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎06-15-2011 09:32 PM

Hi

That is not really the way to go, for one hand, even unstrusted traffic or traffic that can be malicious can be flowing thru that ACL, so if you set logging, you will be able to see the packets hitting there, you will think well thats normal and then set an acl to let it in...

Best approach is harden what is exactly that you need to allow to your network and narrow down the policies like that.

But in any case, if you want still going this way, put log at the end of the ACL with the permit ip any any, you will be able to see source, destinations and ports.

Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card