07-21-2015 03:09 AM - edited 02-21-2020 05:32 AM
Hello,
I have ASA 5520 with interface 'inside' in local network and interface 'outside' facing the internet.
There is a line ssh 192.168.0.0 255.255.0.0 inside for access to the ASA from the local network, and a deny any any rule for incoming traffic on the 'outside' interface.
I see a lot of denied connections from different addresses to the 'outside' interface on the ASA in syslog. When I scan the outside interface with nmap from the internet, tcp/22 port is marked as closed. Are there any possibilities to make it filtered?
07-21-2015 09:19 AM
The syslog entries are just an indicator of the ASA doing its job of blocking the script kiddies from getting into your firewall. I see them all the time on Internet-facing firewalls when the logging level is set high enough and there's an explicit deny on the inbound access-list (vs. the implicit deny any any that will be on the outside).
You can either lower the logging level (4 is recommended), filter that message, or change it to a level that's less important than your day-to-day level so it goes away as a recurring message that requires no action.
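The three options from the answer above, written out as ASA CLI configuration. This is an added example, not configuration posted in the thread; it assumes the noisy entry is the access-list deny message 106023 (the "%ASA-4-106023: Deny ... by access-group" message, which is level 4 by default) and uses a constructed syslog server address.

```cisco
! Option 1: forward only warnings (level 4) and above to the syslog server.
! 192.0.2.10 is a constructed example address for the syslog host.
logging enable
logging trap 4
logging host inside 192.0.2.10

! Option 2: suppress the access-list deny message entirely.
! 106023 is the "Deny <proto> src ... dst ... by access-group" message.
no logging message 106023

! Option 3: keep the message but demote it to informational (level 6),
! so a trap level of 4 no longer forwards it while it still appears
! in the buffer or console if those are set to level 6 or higher.
logging message 106023 level 6

! Verify the resulting level and enabled state of the message.
show logging message 106023
```

Option 1 alone will not silence 106023, because the message is already at level 4; pair it with option 2 or 3. Suppressing the message removes evidence of blocked inbound scans from the syslog server, so if that data feeds detection or reporting, demoting the level and collecting it at a lower-priority destination is the safer choice.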
07-21-2015 08:16 PM
Thank you very much