10-29-2012 06:05 AM - edited 03-11-2019 05:15 PM
Hey all,
Topic says it....I've configured my ASA to accept all traffic inside a number of different ways:
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any log disable
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 interface inside log disable
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 object ASA log disable
I still see UDP broadcasts getting discarded:
Oct 29 06:54:04 asa %ASA-5-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67
Oct 29 06:54:05 asa %ASA-5-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67
Side note, I see a crazy amount of discards on 443 when accessing the ASA via ASDM:
Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51824 to inside:192.168.1.254/443
Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51820 to inside:192.168.1.254/443
I specifically log 710005. Thank you.
10-29-2012 08:21 AM
Hi,
Your ACL statements are inactive because of the disabled keyword.
Regards.
Alain
Don't forget to rate helpful posts.
10-29-2012 08:32 AM
That's actually disabling logging...
10-29-2012 09:39 AM
Hello James,
Yes, that is for logging purposes ( disabled keyword)
Now, the DHCP server is on a different interface correct? What is the ip address of the DHCP server, on what interface is that server located?
Can you share the following command:
show run dhcp relay
Regards,
10-29-2012 10:20 AM
It's blank...I don't have that set. Thinking I should add that in? Thank you.
10-29-2012 10:28 AM
Hello James,
I will be able to answer that if you answer the questions I sent you in the last post, but yes, I think you do need it.
Please answer that and I will provide you the configuration:
Now, the DHCP server is on a different interface correct?
What is the ip address of the DHCP server
on what interface is that server located?
Remember to rate all of the helpful posts ( if you do not know how to rate a post, just let me know I will teach you )
Regards
10-29-2012 10:37 AM
Ah shoot..missed them.
DHCP server is on the same switch as the Inside interface that the ASA is plugged into. The IP of the DHCP server is 192.168.1.253, and the ASA is 192.168.1.254. They are both in the same vlan. Hope that one helps.
James
10-29-2012 10:42 AM
Hello James Lay,
Okay, so no DHCP relay is needed.
These packets are okay (expected), so no worry, as you are getting DHCP to work:
Oct 29 06:54:04 asa %ASA-5-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67
Oct 29 06:54:05 asa %ASA-5-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67
Now regarding these ones right here (these I do not like):
Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51824 to inside:192.168.1.254/443
Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51820 to inside:192.168.1.254/443
Can you share the following:
show run ASDM
show run http
Regards,
Julio
10-29-2012 07:21 PM
Hi Julio,
Here's the output:
ciscoasa# show run ASDM
asdm image disk0:/asdm-701.bin
no asdm history enable
ciscoasa# show run http
http server enable
http 192.168.1.0 255.255.255.0 inside
Thank you!
James
10-29-2012 08:15 PM
Hello,
Can you do the following:
clear configure ASDM
http server enable
http 192.168.1.0 255.255.255.0 inside
and then try to connect using ASDM?
If this does not work I would recommend you to let us have the show run of the ASA
10-30-2012 04:10 AM
Julio,
I ran the above commands and I still see the same thing; however, I did a packet capture on the local machine, and it appears that the ASA discards the FIN ACK packet of each session...the local machine shows a FIN ACK, and the next packet is the ASA sending a RST packet. This happens every time and I see the discard as soon as this happens. I can access and use the ASDM just fine, but it's a little annoying seeing a bunch of logs from my own machine. Thanks for your assistance.
James
10-30-2012 10:22 AM
Hello James,
Okay, so ASDM is working fine. So yes, basically these logs are not helpful at all.
You could stop logging them if needed. So the PC sends a FIN/ACK, good to know.
Let me know if you want me to help you stop logging these messages.
Remember to rate all of the helpful posts,( if you do not know how to do it, just let me know, I will teach you ;D)
Regards,
Julio
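As an added illustration, not something posted in this thread: a small triage script that sorts %ASA-5-710005 lines into the two benign patterns discussed above (DHCP broadcasts hitting the firewall itself, and late segments of ASDM sessions to the ASA's own HTTPS port) and flags anything else for review. It assumes the ASA inside address 192.168.1.254 and the permitted management subnet 192.168.1.0/24 from the thread; the fourth sample line (source 10.9.8.7) is constructed.

```python
import ipaddress
import re

# Regex for the %ASA-5-710005 "request discarded" lines quoted in the thread.
LINE_RE = re.compile(
    r"%ASA-5-710005: (?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<ifc>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Values taken from the thread: ASA inside address and the subnet in "http 192.168.1.0 255.255.255.0 inside".
ASA_INSIDE_IP = ipaddress.ip_address("192.168.1.254")
HTTP_ALLOWED = ipaddress.ip_network("192.168.1.0/24")

def classify(line):
    """Return (category, fields) for one 710005 line, or None if the line is not a 710005 message."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
    sport, dport = int(f["sport"]), int(f["dport"])
    # DHCP client broadcast reaching the firewall itself; expected when the DHCP server sits on the same VLAN.
    if (f["proto"] == "UDP" and src == ipaddress.ip_address("0.0.0.0") and sport == 68
            and dst == ipaddress.ip_address("255.255.255.255") and dport == 67):
        return "dhcp-broadcast", f
    # Session teardown (FIN/ACK) of an ASDM connection to the ASA's own HTTPS service from a permitted host.
    if f["proto"] == "TCP" and dst == ASA_INSIDE_IP and dport == 443 and src in HTTP_ALLOWED:
        return "asdm-teardown", f
    # Anything else aimed at the box (unexpected source or service) deserves a look.
    return "review", f

def triage(lines):
    """Group 710005 lines by category; lines that are not 710005 messages are ignored."""
    buckets = {}
    for line in lines:
        result = classify(line)
        if result:
            buckets.setdefault(result[0], []).append(line)
    return buckets

# Sample input: three lines quoted in the thread plus one constructed line from outside the http-permitted subnet.
SAMPLE_LOG = [
    "Oct 29 06:54:04 asa %ASA-5-710005: UDP request discarded from 0.0.0.0/68 to inside:255.255.255.255/67",
    "Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51824 to inside:192.168.1.254/443",
    "Oct 29 06:46:34 asa %ASA-5-710005: TCP request discarded from 192.168.1.2/51820 to inside:192.168.1.254/443",
    "Oct 29 07:01:10 asa %ASA-5-710005: TCP request discarded from 10.9.8.7/40000 to inside:192.168.1.254/443",
]

if __name__ == "__main__":
    for cat, hits in triage(SAMPLE_LOG).items():
        print(f"{cat}: {len(hits)} line(s)")
```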
10-30-2012 07:10 PM
It's ok...thanks Julio. I just upgraded to 9.0(1) with 7.0.1 ASDM...same thing so eh...I think it's just the way Cisco does things. Thanks again.
James
10-30-2012 09:07 PM
Hello James,
Okay, Great to hear I could help,
If you do not have any other question please mark it as answered so future users can learn from this,
Regards,
10-30-2012 01:53 AM
What is in "sh run aaa", and do you have any user created locally or are you using ACS?