Firewall log

Unanswered Question
Jun 11th, 2009

I have an ASA whose end of access list for a group doesn't show the implicit deny ip any line. I believe this is built in implicitly, but it doesn't show up in the config. Does it need to be added manually at the end of the ACL, and should it be appended with the log keyword to show logs of denials?

Would the traffic that is being permitted be shown in the logs (sh log asdm)? I am trying to work on a case, but when access is tested (which is permitted) I don't see anything with this command, although I can see the connection for this in the connection table.

Please suggest.

BrinksArgentina Thu, 06/11/2009 - 04:24

1) You only need to manually add the deny any any to see the counter of all filtered traffic. (I do that)

2) You can see permitted and denied traffic using log in debug or informational mode

logging enable
logging timestamp
logging buffer-size 1048576
logging buffered informational

And use sh log to see it.


Please rate all the helpful comments.
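
Added example, not part of the original posts: a Python sketch that classifies `sh log` lines by ASA syslog ID and shows why connections for permitted traffic (302013, severity 6) only appear once the buffer is set to informational, while ACL denies (106023, severity 4) already appear at warnings. The sample lines, the ACL name `outside_in` and the addresses are constructed, and `summarize` only simulates which messages a buffer at a given level would hold.

```python
import re
from collections import Counter

# Constructed sample of `sh log` output; ACL name and addresses are made up.
SAMPLE = """\
Jun 11 2009 04:30:01: %ASA-6-302013: Built inbound TCP connection 4411 for outside:198.51.100.7/51515 (198.51.100.7/51515) to inside:192.0.2.10/443 (192.0.2.10/443)
Jun 11 2009 04:30:02: %ASA-4-106023: Deny tcp src outside:198.51.100.9/40000 dst inside:192.0.2.10/23 by access-group "outside_in" [0x0, 0x0]
Jun 11 2009 04:30:05: %ASA-6-106100: access-list outside_in denied udp outside/198.51.100.9(5353) -> inside/192.0.2.10(53) hit-cnt 1 first hit [0x0, 0x0]
Jun 11 2009 04:30:09: %ASA-6-302014: Teardown TCP connection 4411 for outside:198.51.100.7/51515 to inside:192.0.2.10/443 duration 0:00:08 bytes 5120 TCP FINs
"""

# ASA severity keywords and their numeric levels.
LEVELS = {"errors": 3, "warnings": 4, "notifications": 5,
          "informational": 6, "debugging": 7}
LINE = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")


def verdict(msg_id, text):
    """Map a syslog ID to permit/deny/other."""
    if msg_id == "106023":                  # denied by access-group
        return "deny"
    if msg_id == "106100":                  # ACE carrying the log keyword
        return "permit" if " permitted " in text else "deny"
    if msg_id in ("302013", "302015"):      # TCP/UDP connection built
        return "permit"
    return "other"


def summarize(log_text, buffered_level):
    """Count verdicts among messages a buffer at this level would hold."""
    limit = LEVELS[buffered_level]
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and int(m.group(1)) <= limit:
            counts[verdict(m.group(2), m.group(3))] += 1
    return dict(counts)


if __name__ == "__main__":
    for level in ("warnings", "informational"):
        print(level, summarize(SAMPLE, level))
```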

