I have some network monitoring servers that are using SNMP/ICMP to monitor devices on the network. The ICMP functions are not used but cannot be turned off in the application, so they are blocked on the firewall. This is filling the logs on the ASA with ICMP denied messages.
The FW ACL has 2 lines which log traffic, "deny tcp any any log informational interval 300" and "deny udp any any log informational interval 300", both at the end of the ACL just before the implicit deny. Neither of these, I believe, should log ICMP traffic. In case I am wrong I added an additional line denying ICMP from the servers to the network above those lines, with no log statement. Packet-tracer confirms ICMP is being blocked by this deny statement. The ACL is also showing about 40K hits on the line blocking ICMP.
Yet the logs on the ASA still show ICMP packets being denied between the servers and network devices. Is there some other service running that is logging, is it more likely I should check my ACLs again, am I doing something wrong, or are there any bugs that could affect this? Bit stuck with this one, any help would be appreciated.
FW-PRI/act# show ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
FW-PRI up 1 year 83 days
failover cluster up 1 year 83 days
Hardware: ASA5540, 1024 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
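Added illustration, not part of the original post: on the ASA, an extended ACE with no log keyword still generates syslog 106023 for every packet it denies (this is the implicit "log default" behaviour); only "log disable" suppresses logging for that specific ACE. The ACL name, interface, and addresses below are constructed placeholders, not taken from the poster's configuration.

```cisco
! Constructed example. ACL name, interface and addresses are placeholders.
!
! Order matters: the ICMP deny sits above the logging tcp/udp denies so
! the ICMP traffic never reaches them. With no log keyword at all, the ACE
! below still produces one %ASA-4-106023 message per denied packet.
access-list INSIDE_IN extended deny icmp host 192.0.2.10 198.51.100.0 255.255.255.0

! Corrected form: "log disable" turns off both 106023 and 106100 logging
! for this ACE only; the hit counter in "show access-list" keeps working.
access-list INSIDE_IN extended deny icmp host 192.0.2.10 198.51.100.0 255.255.255.0 log disable

! The catch-all lines from the post, which use 106100-style flow logging
! and are unaffected by the change above.
access-list INSIDE_IN extended deny tcp any any log informational interval 300
access-list INSIDE_IN extended deny udp any any log informational interval 300
access-group INSIDE_IN in interface inside

! Verify the suppressed ACE is still matching (hitcnt increments, no syslog):
! show access-list INSIDE_IN | include icmp
```

If the ACL is edited live, check "show access-list" afterwards to confirm the line order is still correct, since a new ACE without an explicit line number is appended after the logging tcp/udp denies.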