Firewall Logging on ASA 5520

Hello Cisco Support Community,

I have an ASA 5520 in my company which does all our NAT and firewall access control. Currently there is a rule in place to allow an incoming connection on port 2222 from a specific IP address to allow access to a web app our developers created. This is a test before the web app is released live. Now the web app can communicate with the specific address and port, but the incoming connection on port 2222 isn't getting through. Everything looks great in the firewall, but how can I log any hits this ACL takes to identify any potential problems?

Thanks!!

Accepted Solution

Julio Carvajal
VIP Alumni

Hello Miguel,

Just add the keyword log at the end of the ACL; that should do it (it will generate a log for each hit).

Now the easiest way. You already have an ACL on the outside interface (let's say it is called outside_in).

So just do a show access-list outside_in and look for the entry that you have configured to allow access on port 2222. Then check if the hit-count is incrementing (you can always clear the access-list counters with the command: clear access-list outside_in counters).

Regards,

Remember to rate all of the helpful posts!!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


2 Replies

hobbe
Level 7

Hi

I am a little bit unsure what you have working. You state that the web app can communicate, but then you state that 2222 is not getting through.

I would take a look at the command packet-tracer.

With this command you can test what the firewall will do with a packet inbound on that port.

It will let you know if there is a problem with the configuration.

Good luck

HTH
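Putting both suggestions together as an added example (not configuration from the thread or from Cisco): the port 2222 entry with the log keyword and the hit-count checks Julio describes, followed by hobbe's packet-tracer run. The ACL name outside_in comes from the thread; the addresses (developer host 203.0.113.10, web-app server 10.0.0.5, public NAT address 198.51.100.20) and the ASA 8.3-or-later assumption are constructed for illustration.

```text
! Added example, not from the thread. Constructed addresses: developer host
! 203.0.113.10, web-app server real address 10.0.0.5, mapped public address
! 198.51.100.20. Assumes ASA 8.3+, where the outside ACL references the real
! (untranslated) inside address rather than the mapped one.

! 1. Log hits on the port 2222 entry only (Julio's suggestion).
!    "log" alone logs at informational (6) with a 300-second summary interval;
!    "interval 60" shortens the summary window for the test period.
access-list outside_in extended permit tcp host 203.0.113.10 host 10.0.0.5 eq 2222 log informational interval 60
access-group outside_in in interface outside

! 2. Make sure the messages land somewhere readable (the buffer is enough for a test).
logging enable
logging timestamp
logging buffered informational

! 3. Verify from the CLI: hit count on that line, reset it, then watch for 106100 messages.
show access-list outside_in | include eq 2222
!   ... permit tcp host 203.0.113.10 host 10.0.0.5 eq 2222 log informational interval 60 (hitcnt=3) 0x...
clear access-list outside_in counters
show logging | include 106100
!   %ASA-6-106100: access-list outside_in permitted tcp outside/203.0.113.10(51234) -> inside/10.0.0.5(2222) hit-cnt 1 first hit [0x..., 0x...]

! 4. Simulate the inbound packet without waiting for the developer (hobbe's suggestion).
!    The destination is the public (mapped) address as the packet arrives on the outside interface.
packet-tracer input outside tcp 203.0.113.10 51234 198.51.100.20 2222 detailed
!   Each phase reports ALLOW or DROP; a DROP in the ACCESS-LIST or NAT phase points at the misconfiguration.
```

If the hit count never moves and packet-tracer shows ALLOW end to end, the packet is not reaching the outside interface at all and the problem sits upstream of the ASA.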
