ASA syslog

Answered Question
Jun 23rd, 2009

Why does the firewall block the following IPs? 207.105.ttt.ttt is the outside interface of the firewall. Below the syslog messages is the firewall's "access-list OUTSIDE-ACL".

06-23-2009 09:33:38 Local4.Warning 192.168.1.10 Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]

06-23-2009 09:33:29 Local4.Warning 192.168.ooo.ooo Jun 23 2009 09:06:43: %ASA-4-106023: Deny tcp src outside:78.153.19.185/2427 dst outside:207.105.ttt.ttt/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

access-list OUTSIDE-ACL extended permit icmp any any echo

access-list OUTSIDE-ACL extended permit icmp any any echo-reply

access-list OUTSIDE-ACL extended permit icmp any any unreachable

access-list OUTSIDE-ACL extended permit icmp any any time-exceeded

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq ssh

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq https

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq www

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq pop3

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy

access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any

access-list OUTSIDE-ACL extended deny tcp host 89.0.fff.eee any

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy eq https

Collin Clark Tue, 06/23/2009 - 12:16

It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following:

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

Anything other than syslog will be denied.

saidfrh Tue, 06/23/2009 - 12:32

Since this is a stateful firewall, does access to the firewall from outside that was not initiated from the inside produce a syslog message?

Correct Answer
Collin Clark Tue, 06/23/2009 - 12:34

You will need to set the logging level to Informational (6).
