Solved: Re: logging configuration

vipinrajrc · ‎03-18-2011

Hi Experts,

Recently i implemented Kiwisyslog server in Office. from the logs it was clear that someone was trying to access our network. It was showing TCP connection denied from the src IP address<a public IP>. When i checked the IP address, that IP address was from england, also there was multiple IP address (4 or 5) from different location. and the priority level of all the message is warning. I am using ASA5505. Is it normal in everywhere???

If there any solution for this??? please reply....ASAP urgent.......

Thanks&Regards

Vipin Raj R.C

Thanks and Regards, Vipin

padatta · ‎03-18-2011

Hi,

There might be illegitimate attempts to gain access from outside. We should be fine until ASA is able to deny these attempts AND the rate of such attempts are not so high as to 'kill' the ASA (like DoS).

Unless these packets are blocked somewhere on the outside, they will reach the ASA. The ASA has to perform the security check and ultimately deny them. This is fine as long as such packets are not very frequent. But if they shoot up then it would be better to block them at ISP level or on outside router.

Paps

View solution in original post

padatta · ‎03-18-2011

Hi,

There might be illegitimate attempts to gain access from outside. We should be fine until ASA is able to deny these attempts AND the rate of such attempts are not so high as to 'kill' the ASA (like DoS).

Unless these packets are blocked somewhere on the outside, they will reach the ASA. The ASA has to perform the security check and ultimately deny them. This is fine as long as such packets are not very frequent. But if they shoot up then it would be better to block them at ISP level or on outside router.

Paps