ASA logs - orphaned traffic

asidd
Level 1

Hi All,

I have separate bidirectional rules in my firewall (ASA 5545-X) for different applications (including VoIP). What is puzzling here is that if I capture logs for the traffic coming from OUTSIDE (of the firewall) back into the segmented environment, I am seeing entries that should have been logged under the inside interfaces initiating those connections. The reason I am saying that: I am seeing a lower-end source port session logged under the OUTSIDE interface with a higher-end DP. Examples:


SA: 10.100.11.20, SP: TCP(88) , DA=10.47.10.42, DP(50014 to 65408)

SA: 10.100.11.20, SP: UDP(53) , DA=10.47.10.37, DP(58146)


Is the firewall closing the session, so it gets logged as a new session under OUTSIDE? Is there a timer issue here I need to check, where it waits for a response and, if it doesn't see one within a specific amount of time, it logs the traffic against OUTSIDE rather than associating it with a session built from the inside (10.47.x.x)?

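Added example (not part of the original post or any reply): one way to test the "is the session being torn down first?" hypothesis from the syslog itself is to correlate each outside-interface ACL deny (%ASA-4-106023) against the connection built/teardown messages (%ASA-6-302013/302014 for TCP, %ASA-6-302015/302016 for UDP) for the same 5-tuple. If the denied packet matches a connection that was already torn down, it is a late reply to an inside-initiated session, and the teardown reason (for example Idle Timeout) tells you which timer to look at. The log lines below are constructed; the interface names `outside`/`inside`, the ACL name `OUTSIDE_IN`, the hostname and connection IDs are assumptions, and the 1024 ephemeral-port boundary is a heuristic, not an ASA rule.

```python
"""Correlate ASA connection teardowns with later outside-interface ACL denies.

Added example, not from the original post. The syslog lines are constructed;
interface names (outside/inside), the ACL name OUTSIDE_IN, the hostname and
connection IDs are assumptions. Message layouts follow the documented
%ASA-6-302013/302014 (TCP built/teardown), %ASA-6-302015/302016 (UDP) and
%ASA-4-106023 (ACL deny) formats.
"""
import re

# Constructed sample log: an inside-initiated TCP/88 flow and a UDP/53 flow are
# each torn down, then the server's late reply is denied on the outside ACL;
# the last line is a genuinely unsolicited inbound attempt for comparison.
LOG = """\
Nov 12 10:00:01 asa %ASA-6-302013: Built outbound TCP connection 4001 for outside:10.100.11.20/88 (10.100.11.20/88) to inside:10.47.10.42/50014 (10.47.10.42/50014)
Nov 12 10:00:31 asa %ASA-6-302014: Teardown TCP connection 4001 for outside:10.100.11.20/88 to inside:10.47.10.42/50014 duration 0:00:30 bytes 1820 Idle Timeout
Nov 12 10:00:32 asa %ASA-4-106023: Deny tcp src outside:10.100.11.20/88 dst inside:10.47.10.42/50014 by access-group "OUTSIDE_IN" [0x0, 0x0]
Nov 12 10:01:00 asa %ASA-6-302015: Built outbound UDP connection 4002 for outside:10.100.11.20/53 (10.100.11.20/53) to inside:10.47.10.37/58146 (10.47.10.37/58146)
Nov 12 10:01:02 asa %ASA-6-302016: Teardown UDP connection 4002 for outside:10.100.11.20/53 to inside:10.47.10.37/58146 duration 0:00:02 bytes 210
Nov 12 10:01:03 asa %ASA-4-106023: Deny udp src outside:10.100.11.20/53 dst inside:10.47.10.37/58146 by access-group "OUTSIDE_IN" [0x0, 0x0]
Nov 12 10:02:00 asa %ASA-4-106023: Deny tcp src outside:203.0.113.9/44321 dst inside:10.47.10.42/445 by access-group "OUTSIDE_IN" [0x0, 0x0]
"""

BUILT_RE = re.compile(
    r"%ASA-6-30201[35]: Built (?:inbound|outbound) (TCP|UDP) connection (\d+) for "
    r"\w+:([\d.]+)/(\d+) \([\d.]+/\d+\) to \w+:([\d.]+)/(\d+) \([\d.]+/\d+\)")
TEARDOWN_RE = re.compile(
    r"%ASA-6-30201[46]: Teardown (TCP|UDP) connection (\d+) for "
    r"\w+:([\d.]+)/(\d+) to \w+:([\d.]+)/(\d+) duration (\S+) bytes \d+ ?(.*)$")
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (tcp|udp) src (\w+):([\d.]+)/(\d+) dst \w+:([\d.]+)/(\d+) "
    r'by access-group "([^"]+)"')


def flow_key(proto, a, b):
    """Direction-independent key so a denied reply matches the connection it belongs to."""
    return (proto.upper(),) + tuple(sorted((a, b)))


def looks_like_reply(sport, dport):
    """Heuristic from the post: well-known source port, ephemeral destination port.
    The 1024 boundary is an assumption; tune it to the client OS's ephemeral range."""
    return sport < 1024 and dport >= 1024


def correlate(lines, untrusted_if="outside"):
    """Classify every 106023 deny seen on untrusted_if against connection history."""
    open_conns = {}   # flow_key -> connection id while the conn entry exists
    torn_down = {}    # flow_key -> (connection id, teardown reason, duration)
    verdicts = []
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            proto, cid, sip, sport, dip, dport = m.groups()
            k = flow_key(proto, f"{sip}/{sport}", f"{dip}/{dport}")
            open_conns[k] = cid
            torn_down.pop(k, None)
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            proto, cid, sip, sport, dip, dport, duration, reason = m.groups()
            k = flow_key(proto, f"{sip}/{sport}", f"{dip}/{dport}")
            open_conns.pop(k, None)
            # UDP teardowns (302016) carry no reason string, hence the fallback.
            torn_down[k] = (cid, reason.strip() or "no reason logged", duration)
            continue
        m = DENY_RE.search(line)
        if not m:
            continue
        proto, src_if, sip, sport, dip, dport, acl = m.groups()
        if src_if != untrusted_if:
            continue
        k = flow_key(proto, f"{sip}/{sport}", f"{dip}/{dport}")
        if k in torn_down:
            cid, reason, duration = torn_down[k]
            verdict = (f"orphaned: reply to conn {cid}, torn down after {duration} "
                       f"({reason}); with the conn entry gone the packet fell through to ACL {acl}")
        elif k in open_conns:
            verdict = f"anomaly: conn {open_conns[k]} still open yet packet hit ACL {acl}"
        else:
            verdict = f"unsolicited: no inside-initiated connection matches; ACL {acl} denied it"
        verdicts.append({"line": line,
                         "looks_like_reply": looks_like_reply(int(sport), int(dport)),
                         "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    for v in correlate(LOG.splitlines()):
        print(v["verdict"], "| reply-shaped:", v["looks_like_reply"])
```

Run it against an export of the real syslog (logging level 6 is needed so the 3020xx built/teardown messages are present). If the denies come back as "orphaned" with "Idle Timeout" or a similar reason, the inside session was expiring before the server answered and the conn idle timers (or, for the UDP/53 case, DNS inspection behaviour) are the place to look; if they come back as "unsolicited", nothing on the inside built the session and the OUTSIDE logging is accurate.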