Cisco 3845 IOS 12.4 Advanced IP K9 not logging all denied traffic

Unanswered Question
May 5th, 2009

Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.


Anybody have any ideas?


Thanks,

bhaskell Tue, 05/05/2009 - 05:43

At the end of each PM self-in, self-out, in-out and out-in, there are two deny statements, deny any any and drop all unmatched. Each of those statements has the action to log messages. They are logging dropped packets, but some things are being dropped and not generating messages.
