09-20-2018 06:49 AM - edited 02-21-2020 08:15 AM
Hi,
Any idea why traffic destined to port 443 might be bypassing an ACL for that port and hitting an IP any/any ACL that's at the bottom of the list, at least according to syslog?
The ACLs:
access-list inside_access_in line 5 extended permit tcp 10.1.0.0 255.255.0.0 any4 object-group DM_INLINE_TCP_6 (https & https) log disable (hitcnt=2951027) 0xb0c12c26
access-list inside_access_in line 24 extended permit ip any4 any4 log informational interval 300 (hitcnt=295888) 0x2bc0c8ca
What i see in syslog:
12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted tcp inside/10.1.2.91(52106) -> outside-WAN/52.114.76.35(443) hit-cnt 1 first hit [0xb0c12c26, 0x15b7e092]
12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]
How reliable is the information coming from syslog?
09-20-2018 09:41 AM
The second log showed udp.
12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]
Please rate helpful posts.
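The answer above turns on one detail that is easy to miss: the first bracketed value in a %ASA-6-106100 message is the hash of the ACE that matched, and a tcp ACE can never match a UDP flow, whatever the port. The following is an added example, not code from the thread or from Cisco: a small parser for 106100 records plus a first-match ACE evaluator modelled on the two ACEs in the question. It re-derives which line should have matched and checks that against the hash syslog reported. The ACE model is an assumption (object-group DM_INLINE_TCP_6 is taken to mean TCP port 443 only, and source/destination matching is simplified), and the two sample log lines are the ones from the thread, split into separate records.

```python
import ipaddress
import re

# Constructed sample input: the two 106100 records from the thread, one per line.
SAMPLE_LOGS = """\
12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted tcp inside/10.1.2.91(52106) -> outside-WAN/52.114.76.35(443) hit-cnt 1 first hit [0xb0c12c26, 0x15b7e092]
12-09-2018 15:22:19 Local7.Info 10.1.1.232 %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.2.7(51150) -> outside-WAN/216.58.206.46(443) hit-cnt 1 first hit [0x2bc0c8ca, 0x00000000]
"""

# Simplified model of the two ACEs from the thread's 'show access-list' output.
# Assumption: object-group DM_INLINE_TCP_6 resolves to TCP port 443 only.
ACES = [
    {"line": 5,  "proto": "tcp", "src": "10.1.0.0/16", "dst_ports": {443}, "hash": "0xb0c12c26"},
    {"line": 24, "proto": "ip",  "src": "0.0.0.0/0",   "dst_ports": None,  "hash": "0x2bc0c8ca"},
]

# Fields of a 106100 record: ACL name, action, protocol, src/dst interface,
# address and port, hit count, and the two bracketed hashes (first is the ACE hash).
LOG_RE = re.compile(
    r"%ASA-6-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hits>\d+) .*?\[(?P<ace_hash>0x[0-9a-fA-F]+), (?P<hash2>0x[0-9a-fA-F]+)\]"
)


def parse_106100(line):
    """Return the fields of one %ASA-6-106100 record, or None if the line is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "hits"):
        rec[key] = int(rec[key])
    return rec


def first_matching_ace(proto, src_ip, dst_port, aces=ACES):
    """Top-down, first-match evaluation as the ASA does it.

    An 'ip' ACE matches any protocol; a tcp or udp ACE matches only its own
    protocol, so UDP/443 never matches a tcp ACE even though the port agrees.
    """
    src = ipaddress.ip_address(src_ip)
    for ace in aces:
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if src not in ipaddress.ip_network(ace["src"]):
            continue
        if ace["dst_ports"] is not None and dst_port not in ace["dst_ports"]:
            continue
        return ace
    return None


def check_log(line, aces=ACES):
    """Parse one record and compare the ACE hash syslog reports against the ACE
    the model says should have matched. 'consistent' is True when they agree."""
    rec = parse_106100(line)
    if rec is None:
        return None
    ace = first_matching_ace(rec["proto"], rec["src_ip"], rec["dst_port"], aces)
    rec["expected_line"] = ace["line"] if ace else None
    rec["consistent"] = ace is not None and ace["hash"] == rec["ace_hash"]
    return rec


def check_all(text, aces=ACES):
    """Run check_log over every line of a syslog dump, skipping non-106100 lines."""
    return [r for r in (check_log(l, aces) for l in text.splitlines()) if r is not None]


if __name__ == "__main__":
    for r in check_all(SAMPLE_LOGS):
        status = "ok" if r["consistent"] else "MISMATCH"
        print(f"{r['proto']:3} {r['src_ip']} -> {r['dst_ip']}:{r['dst_port']} "
              f"ACE {r['ace_hash']} (line {r['expected_line']}) {status}")
```

Run against the two records, the TCP flow resolves to line 5 and the UDP flow to line 24, both agreeing with the hashes syslog printed, which is the point of the answer: syslog was right, the flow simply was not TCP. Keying on the ACE hash rather than on the line number is also the robust way to correlate, since line numbers shift whenever the ACL is edited while the hash stays with the ACE.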
09-21-2018 06:11 AM - edited 09-21-2018 06:12 AM
You are absolutely right.
09-21-2018 06:18 AM
Thanks.
I need glasses.