To construct a rule base we need to log 106100 messages to see which connections are required, but no 106100 message appears. Does anybody know the reason, or what I can do to enable logging of this message?
You may use an access-list (ACL) and apply it to the Inside interface to ensure all logs/events are recorded.
Since you're still at the starting level, create an ACL permitting any/all traffic. This is good for internal access to external/internet or any lower security level segment.
access-list inside permit tcp any any
access-list inside permit udp any any
access-group inside in interface inside --> bind to inside interface
Optionally, you can use 'ip' to replace the tcp/udp keyword, and have 1 ACL line instead of 2. But having separate TCP & UDP lines gives you a more accurate hitcount on TCP & UDP traffic. But no exact rules on this.
To check outside/internet access to your internal server(s), I am not sure if you already have an ACL permitting the incoming access, plus the static NAT for internal server-Public IP address mapping.
As you can clearly see from the following, the necessary configuration is done. The problem is that although I enabled logging informational, no 106100 log appears in ASDM. The question is what the reason may be.
FW-ROM-OUT# sh logg
Syslog logging: enabled
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: list access-list, 14914 messages logged
Trap logging: list permitler, facility 17, 176370 messages logged
Logging to inside 10.129.0.237
Logging to inside SYSLOG
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, class session sys, 90100 messages logged
We used the same kind of logging on FWSM before, so as far as configuration goes there is nothing missing. However, we had to upgrade our product for FWSM to see this log, since there was a bug for it. It seems a bug exists for ASA also, but I could not find any using the bug tool at cisco.com.
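Added example, not part of the thread or any poster's code: once 106100 messages do arrive at the syslog server, this sketch shows how they can be reduced to the list of required connections the original question is after. The log lines are constructed samples in Cisco's documented 106100 layout, the function names are hypothetical, and summing `hit-cnt` across messages is a simplifying assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the documented 106100 layout (not taken from the thread).
SAMPLE_LOG = """\
%ASA-6-106100: access-list inside permitted tcp inside/10.1.1.10(51234) -> outside/192.0.2.25(443) hit-cnt 1 first hit [0x0, 0x0]
%ASA-6-106100: access-list inside permitted tcp inside/10.1.1.11(40022) -> outside/192.0.2.25(443) hit-cnt 3 300-second interval [0x0, 0x0]
%ASA-6-106100: access-list inside permitted udp inside/10.1.1.10(53311) -> outside/198.51.100.53(53) hit-cnt 1 first hit
%ASA-6-302013: Built outbound TCP connection 1 for outside:192.0.2.25/443
%ASA-6-106100: access-list inside denied tcp inside/10.1.1.12(50000) -> outside/203.0.113.9(23) hit-cnt 2 300-second interval
"""

PATTERN = re.compile(
    r"%(?:ASA|PIX|FWSM)-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def summarize(text):
    """Map (acl, action, proto, src, dst, dport) to total hits; other message IDs are skipped."""
    flows = Counter()
    for line in text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue
        # The source port is ephemeral, so it is left out of the flow key.
        key = (m["acl"], m["action"], m["proto"], m["src"], m["dst"], int(m["dport"]))
        flows[key] += int(m["hits"])
    return flows

def candidate_rules(flows):
    """Render permitted TCP/UDP flows as host-to-host ACEs for review (never auto-applied)."""
    rules = []
    for (acl, action, proto, src, dst, dport), _hits in sorted(flows.items()):
        if action == "permitted" and proto in ("tcp", "udp"):
            rules.append(f"access-list {acl} permit {proto} host {src} host {dst} eq {dport}")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Denied flows stay in the summary but are not turned into rules, so they can be reviewed separately before the permit-any lines are removed.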