2821 ISR
I've got a DAPE ACL I'm trying to build. One of the entries that caused a lot of problems was permitting NTP (UDP 123). I had an entry like this on an ACL:
permit udp <my.src.lan.ip> 0.0.0.255 host <our.external.NTP.server> log
This line did not get any hits, and NTP updates were failing on our Windows clients. (The final line is a deny ip any any.)
I changed this line to read:
permit udp <my.src.lan.ip> 0.0.0.255 host <our.external.NTP.server>
Note that the only difference is that I'm not logging this line.
Once changed, I saw hits on this line, and NTP updates on our Windows clients suddenly started going through and working.
Is this normal behavior? I can't see why logged ACL entries would make them fail to get picked up and let through.