My Firewall is an ASA 5550 running software 8.0(3).
I see the following message many times in my logs:
"%asa-2-106006: deny inbound udp from 192.168.1.x/138 to 192.168.1.255/138 on interface outside".
The range 192.168.1.128/25 is the pool for my IPSec remote access users.
I don't want to use the "sysopt connection permit-vpn". So I have some specific rules on my outside interface for VPN access.
I've put in two rules to disable logging for the NetBIOS protocol:
"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 host 192.168.1.255 object-group NBT-UDP log disable"
"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 any object-group NBT-UDP log disable"
Object-Group NBT-UDP is defined as below:
object-group service NBT-UDP udp
port-object eq 135
port-object eq 136
port-object eq 137
port-object eq 138
port-object eq 139
Are there any errors in my config?
How can I remove the "noise" generated by NetBIOS traffic from my IPSec remote users?
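Whatever the firewall does, the 106006 lines can still be filtered where the logs are collected. The script below is an added example, not part of the original post or any vendor tool: it parses the message format quoted above and drops only entries whose source sits in the 192.168.1.128/25 VPN pool, whose destination is that pool's broadcast address, and whose port is one of the NBT-UDP ports from the object-group. The sample log lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines in the format quoted in the question (not real logs).
SAMPLE_LOGS = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.130/138 to 192.168.1.255/138 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.140/137 to 192.168.1.255/137 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 203.0.113.7/53 to 192.168.1.255/53 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.131/138 to 192.168.1.10/138 on interface outside",
]

# Values taken from the question: the remote-access pool and the NBT-UDP object-group ports.
VPN_POOL = ipaddress.ip_network("192.168.1.128/25")
NBT_PORTS = {135, 136, 137, 138, 139}

# Field layout of message 106006: proto, src/sport, dst/dport, interface.
MSG_RE = re.compile(
    r"%ASA-\d-106006: Deny inbound (?P<proto>\w+) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) on interface (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_106006(line):
    """Return the fields of a 106006 message, or None if the line is something else."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return {
        "proto": m["proto"].lower(),
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "iface": m["iface"],
    }


def is_vpn_nbt_broadcast_noise(line):
    """True only for UDP NetBIOS broadcasts from the VPN pool to the pool's broadcast address."""
    f = parse_106006(line)
    if f is None or f["proto"] != "udp":
        return False
    return (f["src"] in VPN_POOL
            and f["dst"] == VPN_POOL.broadcast_address
            and f["dport"] in NBT_PORTS)


def filter_noise(lines):
    """Split lines into (kept, dropped); anything not matching the narrow noise pattern is kept."""
    kept = [l for l in lines if not is_vpn_nbt_broadcast_noise(l)]
    dropped = [l for l in lines if is_vpn_nbt_broadcast_noise(l)]
    return kept, dropped
```

The third and fourth sample lines survive the filter because they come from outside the pool or are not directed at the broadcast address, which is the point: suppress the expected NetBIOS chatter without hiding other denied traffic.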
Yup, it did not come from the ACL engine; that seems obvious, and this is a pretty old behavior of the finesse code. It runs two sets of logging functions. Even if you don't have ANY ACL on an interface, all connection messages are 'logged' on the firewall.