956 Views | 0 Helpful | 3 Replies

ASA syslog

saidfrh (Level 1)

Why does the firewall block the following IPs? 207.105.ttt.ttt is the outside interface of the firewall. Below the syslog messages is the firewall's "access-list OUTSIDE-ACL".

06-23-2009 09:33:38 Local4.Warning 192.168.1.10 Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]

06-23-2009 09:33:29 Local4.Warning 192.168.ooo.ooo Jun 23 2009 09:06:43: %ASA-4-106023: Deny tcp src outside:78.153.19.185/2427 dst outside:207.105.ttt.ttt/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

access-list OUTSIDE-ACL extended permit icmp any any echo

access-list OUTSIDE-ACL extended permit icmp any any echo-reply

access-list OUTSIDE-ACL extended permit icmp any any unreachable

access-list OUTSIDE-ACL extended permit icmp any any time-exceeded

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq ssh

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq https

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq www

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq pop3

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy

access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any

access-list OUTSIDE-ACL extended deny tcp host 89.0.fff.eee any

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy eq https


3 Replies

Collin Clark (VIP Alumni)

It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following:

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

Anything other than syslog will be denied.

Since this is a stateful firewall, does access to the firewall from outside that was not initiated from the inside produce a syslog message?

(Accepted Solution) You will need to set the logging level to Informational (6).
