Strange

Unanswered Question
Apr 7th, 2009

An ACL was created and is logging the denied packets, but the ACL is not applied to any interface or line. Why would this create log entries? Also, how can I determine which interface certain packets are arriving on?

vmoopeung Mon, 04/13/2009 - 05:03

By default, when traffic is denied by an extended ACE or a Webtype ACE, the adaptive security appliance generates system message 106023 for each denied packet, in the following form:


%ASA|PIX-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_id

If the adaptive security appliance is attacked, the number of system messages for denied packets can be very large. We recommend that you instead enable logging using system message 106100, which provides statistics for each ACE and lets you limit the number of system messages produced. Alternatively, you can disable all logging.


You can configure the logging for an Access Control Entry to know about packets arriving:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/traffic.html#wp1061688
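As an added example (not part of the answer above and not Cisco code): the 106023 message quoted above carries the ingress interface in its `src` field, so a parser over the syslog output can answer the "which interface are these packets arriving on" question directly. The log lines below are constructed samples in that format, using documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample lines in the 106023 format quoted above (not real traffic).
SAMPLE_LOG = """\
%ASA-4-106023: Deny tcp src outside:203.0.113.5/44321 dst inside:192.0.2.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]
%ASA-4-106023: Deny udp src outside:203.0.113.5/51000 dst inside:192.0.2.10/161 by access-group "OUTSIDE_IN" [0x0, 0x0]
%ASA-4-106023: Deny icmp src dmz:198.51.100.7 dst inside:192.0.2.20 (type 8, code 0) by access-group "DMZ_IN" [0x0, 0x0]
%ASA-4-106023: Deny tcp src outside:203.0.113.9/40000 dst inside:192.0.2.10/445 by access-group "OUTSIDE_IN" [0x0, 0x0]
Apr  7 2009 10:00:00 some unrelated syslog line
"""

# One regex for the documented layout: protocol, src interface:addr[/port],
# dst interface:addr[/port], optional ICMP type/code, and the access-group name.
MSG_106023 = re.compile(
    r"%(?:ASA|PIX)-4-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[0-9a-fA-F.:]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[0-9a-fA-F.:]+)(?:/(?P<dport>\d+))?"
    r"(?: \(type (?P<type>\d+), code (?P<code>\d+)\))? "
    r'by access-group "?(?P<acl>[^"\s]+)"?'
)


def parse_106023(line):
    """Return the fields of a 106023 deny message as a dict, or None if the line is not one."""
    m = MSG_106023.search(line)
    return m.groupdict() if m else None


def denies_by_ingress_interface(log_text):
    """Count denied packets per ingress interface (the interface in the src field)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_106023(line)
        if rec:
            counts[rec["src_if"]] += 1
    return counts


def denies_by_interface_and_acl(log_text):
    """Count denied packets per (ingress interface, access-group) pair to see which ACL is firing where."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_106023(line)
        if rec:
            counts[(rec["src_if"], rec["acl"])] += 1
    return counts


if __name__ == "__main__":
    for iface, n in denies_by_ingress_interface(SAMPLE_LOG).items():
        print(f"{iface}: {n} denied packet(s)")
```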
