08-06-2008 05:27 AM - edited 03-11-2019 06:26 AM
Hello,
My Firewall is an ASA 5550 running software 8.0(3).
I often see the following message in my logs:
"%asa-2-106006: deny inbound udp from 192.168.1.x/138 to 192.168.1.255/138 on interface outside".
The range 192.168.1.128/25 is the pool for my IPSec remote access users.
I don't want to use the "sysopt connection permit-vpn". So I have some specific rules on my outside interface for VPN access.
I've put 2 rules in place to disable logging for the NetBIOS protocol.
"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 host 192.168.1.255 object-group NBT-UDP log disable"
"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 any object-group NBT-UDP log disable"
Object-Group NBT-UDP is defined as below:
object-group service NBT-UDP udp
port-object eq 135
port-object eq 136
port-object eq 137
port-object eq 138
port-object eq 139
Are there any errors in my config?
What can I do to remove the "noise" generated by NetBIOS traffic from my IPSec remote users?
Thanks
Christian
08-06-2008 06:28 AM
Not all messages are generated due to the 'log' message on the ACL on the ASA/PIX.
As per the command reference:
" If you enter the log keyword without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). If you do not enter the log keyword, then the default system log message 106023 is generated. "
You can disable this message by:
no logging message 106006
But this will disable this message for all flows. You could also push this message to level 7 and log to level 6.
Regards
Farrukh
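Since the ASA can only suppress or re-level 106006 for all flows, here is an added example (not from this thread) of doing the suppression on the syslog collector instead: it parses the 106006 lines and drops only those from the VPN pool to the 192.168.1.255 broadcast on the NBT-UDP ports, keeping every other deny. The pool, broadcast address and port set are taken from the question; the sample log lines are constructed.

```python
import ipaddress
import re

# Pattern for the 106006 message quoted in the thread. IGNORECASE because the
# ASA emits "%ASA-2-106006: Deny inbound UDP" while the post quotes it in lower case.
ASA_106006 = re.compile(
    r"%ASA-2-106006: Deny inbound UDP from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) to "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+) on interface (?P<ifc>\S+)",
    re.IGNORECASE,
)

# Values taken from the question (assumed to match the poster's setup).
VPN_POOL = ipaddress.ip_network("192.168.1.128/25")   # IPSec remote-access pool
BROADCAST = ipaddress.ip_address("192.168.1.255")     # subnet broadcast
NBT_UDP_PORTS = {135, 136, 137, 138, 139}             # object-group NBT-UDP

def parse_106006(line):
    """Return the fields of a 106006 deny, or None if the line is something else."""
    m = ASA_106006.search(line)
    if not m:
        return None
    return {"src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
            "ifc": m["ifc"].lower()}

def is_vpn_netbios_broadcast_noise(line):
    """True only for VPN-pool -> broadcast NetBIOS denies on the outside interface."""
    ev = parse_106006(line)
    if ev is None:
        return False
    return (ev["ifc"] == "outside" and ev["src"] in VPN_POOL
            and ev["dst"] == BROADCAST and ev["dport"] in NBT_UDP_PORTS)

def filter_noise(lines):
    """Drop the NetBIOS broadcast noise; keep all other lines (including other 106006 denies)."""
    kept, dropped = [], 0
    for line in lines:
        if is_vpn_netbios_broadcast_noise(line):
            dropped += 1
        else:
            kept.append(line)
    return kept, dropped

# Constructed sample log: two noise lines, one unicast NetBIOS deny, one deny from an
# address outside the pool (worth keeping: broadcast from outside is not VPN noise), one unrelated message.
SAMPLE_LOG = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.130/138 to 192.168.1.255/138 on interface outside",
    "%asa-2-106006: deny inbound udp from 192.168.1.131/137 to 192.168.1.255/137 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.130/138 to 192.168.1.10/138 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 10.0.0.5/138 to 192.168.1.255/138 on interface outside",
    "%ASA-4-106023: Deny tcp src outside:10.0.0.5/4444 dst inside:192.168.1.10/445 by access-group outside_access_in",
]
```

Run `filter_noise(SAMPLE_LOG)` to get the three lines worth keeping and a count of two dropped.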
08-06-2008 06:36 AM
Thanks for your answer Farrukh.
But I don't want to disable syslog message 106006.
I only want to disable logging for netbios traffic on broadcast address.
Is it possible or not ?
Many thanks
Regards,
Christian
08-06-2008 06:40 AM
As far as I know, you cannot filter syslogs based on particular IPs.
Regards
Farrukh
08-06-2008 06:47 AM
I agree with you regarding the "logging filter" command.
If I understand your answer correctly, in my case the log didn't come from the ACL engine.
So putting rules with option "log disable", as I've done, will not solve my issue ?
Regards,
Christian
08-06-2008 06:55 AM
Yup, it did not come from the ACL engine; that seems obvious, and this is a pretty old behavior of the finesse code. It runs two sets of logging functions. Even if you don't have ANY ACL on an interface, all connection messages are 'logged' on the firewall.
Regards
Farrukh
08-06-2008 07:03 AM
OK.
Thanks for your help and your explanation.
Regards,
Christian