cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
344
Views
0
Helpful
3
Replies

ASA Logging

Alan Douglas
Level 1
Level 1

Hi all

I'm having issues with the logging configuration on cisco ASA's, the asa's will log blocked traffic to the asdm console and systelog but it seems to deplend on the incoming ports.

It is logging at level 4, which looks like it should log blocked IP however its skipping traffic.

It logs icmp, 22 80 but non unknown ports link 10000 or 7000.

Id like to see all of the blocked traffic for debug reasons, how to I get the logging to show all blocks.

Thank in advance.

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

Incoming traffic to a non-listening port would be exepcted to be dropped silently.

I've not tried it but if you were to put in a final ACL entry with the "control-plane" and 'log" options you might get those events as syslog events.

Why would you want to?

Hi there

Basically an external company wants a port forward to another system, SIP based, I've done the port changes they asked, it works when i test the rules with some other IP but the other vendor insist I haven't as it doesn't work.

But I cant see the traffic hitting the ports for the logs so it hard to prove that the traffic is hitting the ASA at all.

If I can get the logging log everything, I'm hoping it will tell me where the traffic is actually doing.

OK - that makes sense. You can also run a packet capture on the ASA for the traffic in question and review that. You can filter the capture with the usual 5-tuple (protocol, source/dest addresses and ports) as well as interface. You can capture on both input and output interfaces.

I always find the actual bits on the wire as a good way to end such arguments about whether or not certain traffic is arriiving as expected. :)

Review Cisco Networking for a $25 gift card