FWSM and logging

mjsully
Level 1

Trying to troubleshoot a host that sits behind a configured interface on a FWSM running 3.1(7). There is an ACL applied to this interface, and it's filtering other traffic for the host I am troubleshooting and shows hits on the ACLs. However, I put an entry in this ACL for this host going to a particular destination and assigned it to line 1, and when the host tries to go to this destination (by IP, not hostname) I get no hits on the ACL. He gets a connection refused, which tells me he is making it to the remote host, but why I'm not seeing a hit when it's on line 1 is confusing me. I'm quite familiar with ACLs, so I know it's applied correctly, no typos, etc. I am also filtering on the address on my syslog box and I don't see his attempts making it to the syslog. In fact, I only see deny traffic on the syslog for ANY address, so it may be that my logging levels are not set right. Do I need to set it to trap at the debugging level to see permitted connections? In any case, why is this hit counter not incrementing?


Farrukh Haroon
VIP Alumni

Did you clear the translation table and connection table after making the changes?

clear xlate

clear local-host

It won't hurt to remove/re-apply the ACL on the interface, just in case.

Regards

Farrukh
