Showing results for 
Search instead for 
Did you mean: 

Pen test from outside the firewall


Hi Team,

               If somebody is trying to pen test from outside to inside network. In Cisco ASA which feature i have to enable to stop that. After enabling this, what event is generated and what is the message id for it.

Please suggest on this.



1 Reply 1

Pulkit Saxena
Cisco Employee
Cisco Employee


Ideally the penetration test should fail as per the default behavior of the ASA itself.

Since outside interface is on the lowest security level, no packet should be allowed to go through unless it has been allowed in the ACL (also keeping NAT in mind).

Please check the ACL's that you have in inbound direction on the outside interface of the ASA.

In regards to the syslog's that you should be ideally seeing are :

  • Syslog message when there is no connection entry:

    %ASA-6-106015: Deny TCP (no connection) from IP_address/port to
    IP_address/port flags tcp_flags on interface interface_name
  • Syslog message when the packet is denied by an ACL:

    %ASA-4-106023: Deny protocol src [interface_name:source_address/source_port]
    dst interface_name:dest_address/dest_port by access_group acl_ID
  • Syslog message when there is no translation rule found:

    %ASA-3-305005: No translation group found for protocol src interface_name:
    source_address/source_port dst interface_name:dest_address/dest_port
  • Syslog message when a packet is denied by Security Inspection:

    %ASA-4-405104: H225 message received from outside_address/outside_port to
    inside_address/inside_port before SETUP
  • Syslog message when there is no route information:

    %ASA-6-110003: Routing failed to locate next-hop for protocol from src
    interface:src IP/src port to dest interface:dest IP/dest port

Above mentioned are the most commonly seen syslog messages on a perimeter firewall when traffic is denied by the firewall.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers