05-05-2009 04:35 AM - edited 03-06-2019 05:32 AM
Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.
Anybody have any ideas?
Thanks,
05-05-2009 05:30 AM
The implicit DENY ALL at the end of the ACL might not be logging the denied traffic.
05-05-2009 05:43 AM
At the end of each PM (self-in, self-out, in-out and out-in) there are two deny statements: deny any any and drop all unmatched. Each of those statements has the action to log messages. They are logging dropped packets, but some things are being dropped and not generating messages.