06-23-2009 10:29 AM - edited 03-11-2019 08:47 AM
Why does the firewall block the following IPs? 207.105.ttt.ttt is the outside interface of the firewall. Below the syslog messages is the firewall's "access-list OUTSIDE-ACL".
06-23-2009 09:33:38 Local4.Warning 192.168.1.10 Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]
06-23-2009 09:33:29 Local4.Warning 192.168.ooo.ooo Jun 23 2009 09:06:43: %ASA-4-106023: Deny tcp src outside:78.153.19.185/2427 dst outside:207.105.ttt.ttt/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]
access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog
access-list OUTSIDE-ACL extended permit icmp any any echo
access-list OUTSIDE-ACL extended permit icmp any any echo-reply
access-list OUTSIDE-ACL extended permit icmp any any unreachable
access-list OUTSIDE-ACL extended permit icmp any any time-exceeded
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq ssh
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq https
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq www
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq pop3
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy
access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any
access-list OUTSIDE-ACL extended deny tcp host 89.0.fff.eee any
access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"
access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy eq https
06-23-2009 12:16 PM
It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following:
access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog
Anything other than syslog will be denied.
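As an added example (not code from the thread or from Cisco), a small Python checker that parses the %ASA-4-106023 deny messages above and walks the posted OUTSIDE-ACL in configured order to show which entry, if any, would match the denied flow; the ACL copy is abbreviated and the masked octets are kept as posted.

```python
import re

# Format of the %ASA-4-106023 "Deny ... by access-group" message shown in the thread.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\w+) src \w+:(?P<sip>[\w.]+)/\d+ '
    r'dst \w+:(?P<dip>[\w.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)
# "access-list NAME extended permit|deny ..." entries; remark lines do not match.
ACL_RE = re.compile(
    r'access-list (?P<acl>\S+) extended (?P<action>permit|deny) (?P<proto>\w+) '
    r'(?P<src>any|host \S+) (?P<dst>any|host \S+)(?: eq (?P<port>\S+))?'
)
# ASA port keywords used in the posted ACL, mapped to port numbers.
PORT_NAMES = {"syslog": 514, "smtp": 25, "ssh": 22, "https": 443, "www": 80, "pop3": 110}

# Abbreviated copy of the OUTSIDE-ACL from the thread (constructed sample input).
ACL_TEXT = """
access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog
access-list OUTSIDE-ACL extended permit icmp any any echo
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp
access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy
access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any
access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"
"""
# First syslog line from the question (constructed sample input).
LOG = ('Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 '
       'dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]')

def parse_acl(text):
    """Return the ACEs as dicts in configured order (the ASA stops at the first match)."""
    return [m.groupdict() for m in (ACL_RE.match(l.strip()) for l in text.splitlines()) if m]

def parse_deny(line):
    """Extract protocol, source, destination and destination port from a 106023 message."""
    m = DENY_RE.search(line)
    return m.groupdict() if m else None

def _addr_ok(spec, ip):
    return spec == "any" or spec == f"host {ip}"

def first_match(rules, flow):
    """Return (index, ACE) of the first entry matching the flow, or None for the implicit deny."""
    for i, r in enumerate(rules):
        if r["proto"] not in (flow["proto"], "ip"):
            continue
        if not (_addr_ok(r["src"], flow["sip"]) and _addr_ok(r["dst"], flow["dip"])):
            continue
        if r["port"] and str(PORT_NAMES.get(r["port"], r["port"])) != flow["dport"]:
            continue
        return i, r
    return None

if __name__ == "__main__":
    flow = parse_deny(LOG)
    hit = first_match(parse_acl(ACL_TEXT), flow)
    print("implicit deny (no ACE matches)" if hit is None else f"ACE #{hit[0] + 1}: {hit[1]['action']}")
```

Running it on the first syslog line reports the implicit deny, because the only entry for 207.105.ttt.ttt permits UDP/514 and the denied packet was to UDP/51458.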
06-23-2009 12:32 PM
Since this is a stateful firewall, does access to the firewall from outside that was not initiated from the inside produce a syslog message?
06-23-2009 12:34 PM
You will need to set the logging level to Informational (6).