ASA5550 - logging disable issue

Hello,

My Firewall is an ASA 5550 running software 8.0(3).

I see the following message many times in my logs:

"%asa-2-106006: deny inbound udp from 192.168.1.x/138 to 192.168.1.255/138 on interface outside".

The range 192.168.1.128/25 is the pool for my IPSec remote access users.

I don't want to use "sysopt connection permit-vpn", so I have some specific rules on my outside interface for VPN access.

I've put in 2 rules to disable logging for the NetBIOS protocol.

"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 host 192.168.1.255 object-group NBT-UDP log disable"

"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 any object-group NBT-UDP log disable"

Object-Group NBT-UDP is defined as below:

object-group service NBT-UDP udp
 port-object eq 135
 port-object eq 136
 port-object eq 137
 port-object eq 138
 port-object eq 139

Are there any errors in my config?

What can I do to remove the "noise" generated by NetBIOS traffic from my IPsec remote users?

Thanks

Christian

7 Replies

Farrukh Haroon
VIP Alumni

Not all messages are generated due to the 'log' keyword on the ACL on the ASA/PIX.

As per the command reference:

" If you enter the log keyword without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). If you do not enter the log keyword, then the default system log message 106023 is generated. "

You can disable this message by:

no logging message 106006

But this will disable the message for all flows. You could also push this message to level 7 and log at level 6.

Regards

Farrukh
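Farrukh's two options written out as ASA CLI. This is an added example, not configuration from the thread: the `logging trap` / `logging buffered` destination levels are assumed, and the `logging rate-limit` line is a third option the thread does not mention.

```text
! Option 1 (coarse): 106006 is never generated again, for any flow.
no logging message 106006

! Option 2: keep the message but move it from severity 2 (critical) to 7 (debugging),
! then send only informational (6) and below to the collector and the local buffer.
! Any destination still set to "debugging" would keep receiving it.
logging message 106006 level 7
logging trap informational
logging buffered informational

! Option 3 (not discussed in the thread): keep the severity, cap the volume
! to at most 10 occurrences of this ID per 60 seconds.
logging rate-limit 10 60 message 106006

! Verify what the box will now do with the ID:
show logging message 106006
```

Note that options 1 and 2 are all-or-nothing for the message ID: there is no per-source or per-destination match in these commands, which is the limitation the rest of the thread turns on.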

Thanks for your answer Farrukh.

But I don't want to disable syslog message 106006.

I only want to disable logging for NetBIOS traffic to the broadcast address.

Is it possible or not?

Many thanks

Regards,

Christian

As far as I know, you cannot filter syslogs based on particular IPs.

Regards

Farrukh
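Because the firewall cannot suppress one syslog ID for particular IPs, the usual workaround is to drop the noise where the logs are received. The following collector-side filter is an added example, not code from the thread; the VPN pool, the NetBIOS ports, the interface name and the sample log lines are constructed to match what Christian described, not captured from his firewall.

```python
"""Collector-side filter for ASA 106006 NetBIOS broadcast noise (added example)."""
import ipaddress
import re

# Constructed to match the poster's environment: the IPsec remote-access pool
# (its broadcast address is 192.168.1.255, the destination seen in the logs)
# and the NetBIOS name-service / datagram ports that chatter over UDP broadcast.
VPN_POOL = ipaddress.ip_network("192.168.1.128/25")
NBT_PORTS = {137, 138}

# %ASA-<sev>-106006: Deny inbound UDP from SRC/PORT to DST/PORT on interface NAME
DENY_106006 = re.compile(
    r"%ASA-\d-106006: Deny inbound UDP from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) on interface (?P<ifc>\S+)",
    re.IGNORECASE,  # the thread quotes the message in lower case
)


def parse_106006(line):
    """Return the fields of a 106006 message, or None if the line is something else."""
    m = DENY_106006.search(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "ifc": m["ifc"],
    }


def is_nbt_broadcast_noise(line, pool=VPN_POOL, ports=NBT_PORTS, ifc="outside"):
    """True only for NetBIOS broadcasts from the VPN pool on the given interface.

    Other source networks, unicast destinations, other ports and other message
    IDs are deliberately kept so that real denies are not hidden along with the noise.
    """
    f = parse_106006(line)
    if f is None:
        return False
    return (
        f["ifc"] == ifc
        and f["src"] in pool
        and f["dst"] == pool.broadcast_address
        and f["dport"] in ports
    )


def filter_lines(lines):
    """Split an iterable of syslog lines into (kept, dropped)."""
    kept, dropped = [], []
    for line in lines:
        (dropped if is_nbt_broadcast_noise(line) else kept).append(line)
    return kept, dropped


# Constructed sample feed; only the first two lines are the noise in question.
SAMPLE = [
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.130/138 to 192.168.1.255/138 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.131/137 to 192.168.1.255/137 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.131/138 to 192.168.1.10/138 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 10.0.0.5/138 to 192.168.1.255/138 on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 192.168.1.140/5000 to 192.168.1.255/5000 on interface outside",
    '%ASA-4-106023: Deny udp src outside:192.168.1.132/138 dst inside:192.168.1.255/138 by access-group "outside_access_in"',
]

if __name__ == "__main__":
    kept, dropped = filter_lines(SAMPLE)
    print(f"dropped {len(dropped)} NetBIOS broadcast denies, kept {len(kept)} lines")
    for line in kept:
        print(line)
```

The match is intentionally narrow (source inside the pool, destination equal to the pool's broadcast address, port 137 or 138, interface "outside"); a unicast 106006 or a broadcast from an address outside the pool is still forwarded, which is the distinction the firewall itself cannot make.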

I agree with you regarding the "logging filter" command.

If I understand your answer correctly, in my case the log didn't come from the ACL engine.

So putting in rules with the "log disable" option, as I've done, will not solve my issue?

Regards,

Christian

Yup, it did not come from the ACL engine; that seems obvious, and this is a pretty old behavior of the Finesse code. It runs two sets of logging functions. Even if you don't have ANY ACL on an interface, all connection messages are 'logged' on the firewall.

Regards

Farrukh

OK.

Thanks for your help and your explanation.

Regards,

Christian
