ASA: Disable ACE Logging of cleanup rule

stephan.ochs
Level 1

Hello Community
I hope somebody can give me a hint on how to suppress logging of a certain ACE in my ASA's ACL.
There are two cleanup rules at the end of my ACL.
Denied access to internal addresses shall be logged (works well) and all other (to official addresses) aren't interesting and shall be dropped without log.
For example, they are happening when a client establishes his VPN while being connected to external services (Teams Client or other). We have a non-split-tunnel, so this traffic will be tunneled to our VPN gateway.

As you can see, there are no hits on the "any/any deny" rule.
But I can see a huge amount of logs "Inbound ... connection denied ..." from the client to official addresses.
Why don't they hit the rule? And, finally, not get logged (because of logging disabled).
