Syslog problems

Unanswered Question
Aug 31st, 2007

I have the following ACL

access-list 100 permit tcp host 192.168.0.252 any eq www
access-list 100 permit tcp host 192.168.0.252 any eq 443
access-list 100 permit udp host 192.168.0.252 any eq 443
access-list 100 permit udp host 172.16.16.5 host 67.69.184.163 eq domain
access-list 100 permit tcp host 172.16.16.5 any eq www
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.83 eq pop3
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.63 eq smtp
access-list 100 permit tcp host 172.16.16.5 any eq 443
access-list 100 permit udp host 172.16.16.5 any eq 443
access-list 100 permit tcp host 172.16.16.2 host 172.16.16.1 eq telnet
access-list 100 permit tcp host 172.16.16.2 host 1.1.1.1 eq telnet
access-list 100 permit tcp host 172.16.16.5 eq 3389 host 10.10.10.2
access-list 100 permit tcp host 172.16.16.2 host 10.10.10.2 eq 65534
access-list 100 deny tcp any any log
access-list 100 deny udp any any log
access-list 100 deny ip any any log

I apply it to the inbound direction of an interface. Only broadcast traffic dropped by the ACL appears on the syslog server - no unicast.

For example,

telnet 1.2.3.4 1232

Does not show that the connection is being dropped, although it is, and is not forwarded out any interfaces.
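To confirm which entry of the ACL above a given packet hits, and whether that entry carries the log keyword, here is an added Python model of first-match extended-ACL evaluation. It is example code written for this page, not part of the original post and not Cisco software. It assumes the host/any/wildcard address forms and the port keywords used in the thread, contiguous wildcard masks, and a source address of 172.16.16.2 for the telnet test, which the question does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# IOS port keywords that appear in the thread's ACL (keyword -> port number)
PORT_NAMES = {"www": 80, "domain": 53, "pop3": 110, "smtp": 25, "telnet": 23}

# The ACL from the question, copied as one constructed block of text
ACL_TEXT = """
access-list 100 permit tcp host 192.168.0.252 any eq www
access-list 100 permit tcp host 192.168.0.252 any eq 443
access-list 100 permit udp host 192.168.0.252 any eq 443
access-list 100 permit udp host 172.16.16.5 host 67.69.184.163 eq domain
access-list 100 permit tcp host 172.16.16.5 any eq www
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.83 eq pop3
access-list 100 permit tcp host 172.16.16.5 host 209.226.175.63 eq smtp
access-list 100 permit tcp host 172.16.16.5 any eq 443
access-list 100 permit udp host 172.16.16.5 any eq 443
access-list 100 permit tcp host 172.16.16.2 host 172.16.16.1 eq telnet
access-list 100 permit tcp host 172.16.16.2 host 1.1.1.1 eq telnet
access-list 100 permit tcp host 172.16.16.5 eq 3389 host 10.10.10.2
access-list 100 permit tcp host 172.16.16.2 host 10.10.10.2 eq 65534
access-list 100 deny tcp any any log
access-list 100 deny udp any any log
access-list 100 deny ip any any log
"""


@dataclass
class Ace:
    seq: int                              # 1-based position in the list
    action: str                           # "permit" or "deny"
    proto: str                            # "ip", "tcp" or "udp"
    src: Optional[ipaddress.IPv4Network]  # None means "any"
    sport: Optional[int]                  # None means any source port
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]
    log: bool                             # trailing "log" keyword present


def _parse_addr(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tok[i]."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    wildcard = int(ipaddress.ip_address(tok[i + 1]))
    prefix = 32 - bin(wildcard).count("1")  # assumption: contiguous wildcard mask
    return ipaddress.ip_network((tok[i], prefix), strict=False), i + 2


def _parse_port(tok, i):
    """Consume an optional 'eq PORT' (keyword or number) starting at tok[i]."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_acl(text: str) -> List[Ace]:
    """Parse numbered extended ACL lines: access-list N permit|deny proto src [eq p] dst [eq p] [log]."""
    acl: List[Ace] = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        src, i = _parse_addr(tok, 4)
        sport, i = _parse_port(tok, i)
        dst, i = _parse_addr(tok, i)
        dport, i = _parse_port(tok, i)
        acl.append(Ace(len(acl) + 1, tok[2], tok[3], src, sport, dst, dport, "log" in tok[i:]))
    return acl


def _match(ace: Ace, proto, src, sport, dst, dport) -> bool:
    if ace.proto != "ip" and ace.proto != proto:
        return False
    if ace.src is not None and ipaddress.ip_address(src) not in ace.src:
        return False
    if ace.dst is not None and ipaddress.ip_address(dst) not in ace.dst:
        return False
    if ace.sport is not None and ace.sport != sport:
        return False
    if ace.dport is not None and ace.dport != dport:
        return False
    return True


def evaluate(acl: List[Ace], proto, src, sport, dst, dport) -> Ace:
    """First matching entry wins; the implicit deny at the end never logs."""
    for ace in acl:
        if _match(ace, proto, src, sport, dst, dport):
            return ace
    return Ace(len(acl) + 1, "deny", "ip", None, None, None, None, False)


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # The question's test: telnet 1.2.3.4 1232, assumed to come from 172.16.16.2
    hit = evaluate(acl, "tcp", "172.16.16.2", 40000, "1.2.3.4", 1232)
    print(f"entry {hit.seq}: {hit.action} log={hit.log}")
```

Running this shows the unicast telnet attempt landing on entry 14 (deny tcp any any log), so the router should generate a log message for it; if nothing reaches the syslog server for that packet while the broadcast denies do, the gap is in the logging path rather than in the ACL itself.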

mohammedmahmoud Sat, 09/01/2007 - 02:13

Hi,

I've copied your exact configuration and it worked perfectly, as shown in the attached file. Please make sure that you've enabled logging buffered or that you are accessing the router via console.

I've even tried to telnet to a port other than 23, as you've done, and I got this:

*Jul 24 11:42:38.821: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.146.4(60849) -> 155.1.146.1(1232), 1 packet

HTH,

Mohammed Mahmoud.
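The %SEC-6-IPACCESSLOGP line in the reply is the message a syslog collector has to pick apart to see which ACL entries are firing. Here is an added Python parser for that format, written for this page rather than taken from the thread or from any Cisco tool. The sample log lines are constructed (the first one reproduces the line from the reply); the regex assumes the exact field layout shown there and the "1 packet" / "N packets" count suffix.

```python
import re
from collections import Counter
from typing import Dict, Optional, Tuple

# Field layout of the IOS %SEC-6-IPACCESSLOGP message as shown in the reply:
#   list <acl> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample: first line is the one from the reply, the rest are made up
# to show a later summary line for the same flow and an unrelated message.
SAMPLE_LOG = """\
*Jul 24 11:42:38.821: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.146.4(60849) -> 155.1.146.1(1232), 1 packet
*Jul 24 11:47:40.105: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.146.4(60849) -> 155.1.146.1(1232), 3 packets
*Jul 24 11:48:02.330: %SEC-6-IPACCESSLOGP: list 100 denied udp 155.1.146.9(137) -> 155.1.146.255(137), 1 packet
*Jul 24 11:48:10.000: %SYS-5-CONFIG_I: Configured from console by console
"""

FlowKey = Tuple[str, str, str, str, int]  # (acl, action, proto, dst, dport)


def parse_line(line: str) -> Optional[dict]:
    """Return the message fields as a dict, or None if the line is not an IPACCESSLOGP record."""
    m = LOGP_RE.search(line)  # search: ignore the timestamp / sequence prefix
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def summarize(text: str) -> Dict[FlowKey, int]:
    """Sum the packet counts per (acl, action, proto, dst, dport) across all records."""
    totals: Counter = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["acl"], rec["action"], rec["proto"], rec["dst"], rec["dport"])
        totals[key] += rec["count"]
    return dict(totals)


if __name__ == "__main__":
    for key, packets in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        acl, action, proto, dst, dport = key
        print(f"list {acl} {action} {proto} -> {dst}:{dport}: {packets} packets")
```

Counts are summed rather than taken from the last line because IOS logs the first packet that matches a logged entry immediately and then emits periodic summary lines with the packets accumulated since. Because the message is severity 6, the syslog destination also has to accept informational messages (logging trap informational or higher) for these records to leave the router at all.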
