ASA 5500 series - Implicit deny

Answered Question
Oct 30th, 2008

Hi All,


I had a quick question regarding implicit denies on ASA5500. Are implicit deny rules logged? Or does an explicit deny rule have to be configured to log all dropped packets?


Thanks in advance for any help.


guibarati Thu, 10/30/2008 - 10:26

When you look at the real-time log monitor through ASDM, it will show you the deny entries even if it's caused by an implicit rule.

Correct Answer
Collin Clark Thu, 10/30/2008 - 10:26

Implicit is not logged (CLI) and if you configure explicit, it can log.


Hope that helps.
