I am trying to create a DMZ VLAN. How do I permit return traffic for an established connection with the ACL on the VLAN Interface on the switch? The WS-C3750 does not allow the IP INSPECT config command, like on the router.
I recently turned the Firewall Feature set on for one of our remote sites that previously had only PAT for security. We are seeing about 1600 attempts an hour to access the PAT address on TCP and UDP port 15687. Anyone have any idea what is going o...
I have a 2801 connected to the Internet running the Firewall Feature Set. Version is 12.3(8r)T8. I keep getting log messages that the router has denied access from some random webservers from Port 80. We are running NAT Overload and when I show the N...
Is there a way to hide the crypto pre-shared key in IOS? Following is an example of a config command where the key is not hidden:
    crypto isakmp key cisco123 address 10.0.110.1
Thanks!
I think it is pretty odd too! The syslog does contain logs for actual traffic to port 15687. Here is an example:
    Jun 13 00:35:00.486: %SEC-6-IPACCESSLOGP: list 106 permitted udp 10.5.60.17(15687) -> 59.60.9.68(15687), 1 packet
It is a bit of a mystery...
Here is the ACL. It is applied to the inside GI0/1 int:
    access-list 106 remark auto generated by SDM firewall configuration
    access-list 106 remark SDM_ACL Category=1
    access-list 106 permit tcp any any eq 15687 log
    access-list 106 permit udp any any eq 15...
Thanks! Good document. At this point, I am really interested in knowing what this traffic is. It has been continuing steady for 2 weeks. Also, as a follow-up question: I put an outbound ACL that just logs traffic on tcp/udp port 15687. Oddly enough, w...
Here is an example of the log messages we get 2 or 3 times a minute. The from address is a valid web site. I changed the NAT Overload address to protect the innocent:
    995990: Apr 26 20:56:20.315: %SEC-6-IPACCESSLOGP: list 105 denied tcp 170.107.179.50...
There is lots of port redirection on this router, but not on the NAT Overload IP address. Unfortunately, I can't post the whole config as there are some serious security issues that need to be addressed. Let me know if there are some specific parts...