cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1566
Views
15
Helpful
3
Replies

Inconsistent ACL hits seen in syslog

Nasos Ergot
Level 1
Level 1

Hi,

 

Any idea why traffic destined to port 443 might be bypassing an ACL for that port and hitting an IP any/any ACL that's at the bottom of the list, at least according to syslog.

 

The ACLs:

 

access-list inside_access_in line 5 extended permit tcp 10.1.0.0 255.255.0.0 any4 object-group DM_INLINE_TCP_6 (https & https) log disable (hitcnt=2951027) 0xb0c12c26


access-list inside_access_in line 24 extended permit ip any4 any4 log informational interval 300 (hitcnt=295888) 0x2bc0c8ca



What i see in syslog:

 

 

12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted tcp inside/10.1.2.91(52106) -> outside-WAN/52.114.76.35(443) hit-cnt 1 first hit [0xb0c12c26, 0x15b7e092]


12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]

How reliable is the information coming from syslog? 

 

1 Accepted Solution

Accepted Solutions

Alex Pfeil
Level 7
Level 7

The second log showed udp.


12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]

 

Please rate helpful posts.

View solution in original post

3 Replies 3

Alex Pfeil
Level 7
Level 7

The second log showed udp.


12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]

 

Please rate helpful posts.

You are absolutely right.

Thanks.

 

I need glasses.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card