Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3 log in syslog server for each hit and ACL hit for response packet


I have recently put a firewall in production network but with ip any any permit ACL as I don't know where all applications are running on.I have configured inside zone with higher security level and outiside zone with lower security level. The firewall rule, customer wants to have is all traffic should be flow from insdie to outside zone without any additional access but traffic from outside to inside should be restricted with specific access.I have configured the firewall ACL" permit ip any any log notification" to generate notification log and send this notification log to kiwi syslog  server so that I can analyse log for sometimes and later on ACL can be applied to ASA based on analysed data.But what I am observing is that Cisco ASA is sending three logs for each packet hit the ACL to syslog server.So does anyone have idea why such thing is happening with my firewall.

Moreover I have noticed that ACL is getting hit by response packet that was initiated from inside to outside which ideally should not happend.For response packet that comes from outside to inside should flow the existing session that was initiated from inside to outside. Anyone can give me some idea for both cases.

CreatePlease login to create content