Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
0
Helpful
1
Replies

Not all permitted message is followed by build in message

samarjit.das
Level 1
Level 1

‎05-06-2012 09:25 AM - edited ‎03-11-2019 04:02 PM

Hi

I have enabled acl information log in cisco ASA.Now my question is why I am not getting both 302013 & 106100 mesages for every traffic. What I believe is that I should get two traffic details for every 1st  packet hits the ACL. Built in message302013 should be followed by permitted mesaage106100 for each case. I am only getting permitted message106100.

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎05-06-2012 07:01 PM

Hi,

In regards to your query, the following log 302013 will be displayed every time a new connection is being created. If the session is already establishedo on the ASA, the log will not appear. An example of that, I was doing a radius authentication lab early today and the connection was established on the ASA already, even thou it was a new authentication request, the session was the same and no new connections were established on the ASA.

About 106100 is the same thin, is only the first TCP packet that is going to be catched, for all other packets that belong to the same session, they are not going to be logged.

Mike

Mike
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card