Cisco 3845 IOS12.4 Advanced IP K9 not logging all denied traffic

bhaskell
Level 1

Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.

Anybody have any ideas?

Thanks,

2 Replies

bretjaquish
Level 3

The implicit DENY ALL at the end of the ACL might not be logging the denied traffic.

At the end of each PM self-in, self-out, in-out and out-in, there are two deny statements, deny any any and drop all unmatched. Each of those statements has the action to log messages. They are logging dropped packets, but some things are being dropped and not generating messages.
