I'm using nmap and Nessus to port scan the external-facing IP range of my ASA. When I port scan the "outside" IP, my syslog server fills up with deny errors, which is great. However, I have other external IPs which are NAT'd to webservers on my Cisco 3750, which is trunked off the ASA, and these never appear in the syslog server.
It could be just my understanding, but the firewall's ACLs/ACEs are doing all the blocking, so shouldn't the denies be appearing in the ASDM console or syslog server saying they have denied access from a remote IP? It only shows the firewall's "outside" interface IP.
My "outside" interface is simply connected to our ISP's Cisco Internet router, and we have 20 public IPs to assign to various roles like webserver etc.