Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
3
Helpful
1
Replies

Firewall log

suthomas1
Level 6
Level 6

‎06-11-2009 02:18 AM - edited ‎03-11-2019 08:41 AM

I have an ASA whose end of access list for a group doesnt showup the implicit deny ip any line.I believe this is by implicit built in, but it doesnt show up in config.Does this require to be added in manually at the end of acl & should it be appended with log keyword to show up logs of denial?

Would the traffic that is being permitted be shown in logs(sh log asdm).Iam trying to work on a case but when access is tested (which is permitted) i dont see anything with this command, but i can see the connection table for this in connections?

Please suggest.

Labels:
0 Helpful
1 Reply 1

BrinksArgentina
Level 1
Level 1

‎06-11-2009 04:24 AM

1) You only need no manualy add the deny any any to see the counter of all filtered traffic. (I do that)

2) You can see permited and denied traffic using log in debug or informational mode

logging enable

logging timestamp

logging buffer-size 1048576

logging buffered informational

And use sh log to see it.


Guido.

Please rate all the helpful comments.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card