Re: ASAv30 : Logs Flooded with Built/Teardown ICMP connection

S.U.H.E.L · ‎01-01-2020

Receiving the following logs (3/4 logs per second) making it difficult to look at the important ones.

<166>:Jan 02 10:06:12 EAT: %ASA-session-6-302020: Built inbound ICMP connection for faddr 10.254.70.1/1007 gaddr 172.31.23.174/0 laddr 172.31.23.174/0 type 8 code 0
<166>:Jan 02 10:06:13 EAT: %ASA-session-6-302021: Teardown ICMP connection for faddr 10.254.70.1/1007 gaddr 172.31.23.174/0 laddr 172.31.23.174/0 type 8 code 0

Need to find a way to disable these logs.

socratesp1980 · ‎01-02-2020

Hello,

You currently set your ASA to logg informational messages which is level 6.

You either need to display your messages at a higher lever than informational

logging trap 5 <-- which is the notification level

or

disable the specific messages and still receive informational messages

no logging message 302020
no logging message 302020

Additionally the message displays that your host is 10.254.70.1 is pinging 172.31.23.174. If that doesn't suppose to happen maybe you need to look to your host why is that happening.

Kind Regards.

S.U.H.E.L · ‎01-02-2020

thanks for your prompt response. the "no logging message" command made the logs go away.

The host is pinging since its a monitoring server and checking on the other device. So that cannot be altered and has to be that way.

Is it a common behavior to generate logs while pinging hosts over the VPN tunnel?

socratesp1980 · ‎01-02-2020

Going through a VPN tunnel is irrelevant for this case. You probably had informational messages turned on your ASA and building ICMP connections is an informational message. So in other words this is common