I need some help troubleshooting a connectivity issue. Everything works fine except for this one device.
1) If I see a NAT entry for a specific IP address (19184.108.40.206) when I run "sh ip nat translations", does that mean the fw allowed it and it went to the destination, i.e., passed through the firewall?
sh ip nat translations | inc 192.168.1.17
udp 220.127.116.11:3060 192.168.1.17:3060 18.104.22.168:3011 22.214.171.124:3011
2) How can I log drops ONLY for a specific ip address (192.168.1.17)?
The application needs to speak outbound only on port 3011 and I believe my outbound config allows everything.
class-map type inspect match-any IN-TO-OUT-ALLOW-ALL-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect IN-TO-OUT-ALLOW-ALL-CLASS
  inspect
 class class-default
  drop log
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
interface GigabitEthernet0/0
 description INSIDE_LAN_192_168-1_0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security INSIDE
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description OUTSIDE_INTERNET
 bandwidth 51200
 ip address x.x.x.x 255.255.255.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 zone-member security OUTSIDE
 duplex auto
 speed auto
 crypto map vpnmap