Cisco Support Community
New Member

ASA syslog

Why does the firewall block the following IPs? 207.105.ttt.ttt is the outside interface of the firewall. Below the syslog messages is the firewall's "access-list OUTSIDE-ACL".

06-23-2009 09:33:38 Local4.Warning 192.168.1.10 Jun 23 2009 09:06:52: %ASA-4-106023: Deny udp src outside:77.67.10.132/3478 dst Inside:207.105.ttt.ttt/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]

06-23-2009 09:33:29 Local4.Warning 192.168.ooo.ooo Jun 23 2009 09:06:43: %ASA-4-106023: Deny tcp src outside:78.153.19.185/2427 dst outside:207.105.ttt.ttt/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

access-list OUTSIDE-ACL extended permit icmp any any echo

access-list OUTSIDE-ACL extended permit icmp any any echo-reply

access-list OUTSIDE-ACL extended permit icmp any any unreachable

access-list OUTSIDE-ACL extended permit icmp any any time-exceeded

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq smtp

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq ssh

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq https

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq www

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.xxx eq pop3

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy

access-list OUTSIDE-ACL extended deny tcp host 60.223.nnn.ttt any

access-list OUTSIDE-ACL extended deny tcp host 89.0.fff.eee any

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"

access-list OUTSIDE-ACL extended permit tcp any host 207.105.ttt.yyy eq https

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA syslog

You will need to set the logging level to Informational (6).

3 REPLIES

Re: ASA syslog

It blocks it because there is no rule to permit it. The only rule with 207.105.ttt.ttt is the following:

access-list OUTSIDE-ACL extended permit udp any host 207.105.ttt.ttt eq syslog

Anything other than syslog will be denied.
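
The first-match evaluation described in the reply above, as an added example that is not part of the original thread: it parses %ASA-4-106023 messages and walks a simplified ACL top-down to show which entry decides each packet. The addresses are constructed stand-ins (203.0.113.1 for the redacted outside interface, 203.0.113.10 for an inside host), and only the `any`, `host A` and `eq port` forms seen in the thread are handled.

```python
import re

# Field layout of %ASA-4-106023 as it appears in the messages quoted in the question.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\w+) src [^:]+:(?P<src>[\d.]+)/\d+ '
    r'dst [^:]+:(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')
PORTS = {"syslog": 514, "smtp": 25, "ssh": 22, "https": 443, "www": 80, "pop3": 110}

def parse_deny(line):
    """Return proto/src/dst/dport/acl from a 106023 message, or None."""
    m = DENY_RE.search(line)
    return dict(m.groupdict(), dport=int(m["dport"])) if m else None

def parse_ace(line):
    """Parse the 'any' / 'host A' / 'eq port' ACE forms used in the thread."""
    t = line.split()
    if len(t) < 7 or t[2] != "extended":
        return None                      # remark lines carry no match logic
    action, proto, rest = t[3], t[4], t[5:]
    addrs = []
    for _ in range(2):                   # source first, then destination
        if rest[0] == "any":
            addrs.append(None); rest = rest[1:]
        else:                            # "host A.B.C.D"
            addrs.append(rest[1]); rest = rest[2:]
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return action, proto, addrs[0], addrs[1], port

def evaluate(acl_lines, pkt):
    """First matching ACE wins; a packet that matches nothing is denied."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace is None:
            continue
        action, proto, src, dst, port = ace
        if proto in ("ip", pkt["proto"]) and src in (None, pkt["src"]) \
                and dst in (None, pkt["dst"]) and port in (None, pkt["dport"]):
            return action, line
    return "deny", "implicit deny (no ACE matched)"

# Constructed sample data modelled on the thread, not the poster's real config.
ACL = ['access-list OUTSIDE-ACL extended permit udp any host 203.0.113.1 eq syslog',
       'access-list OUTSIDE-ACL extended permit icmp any any echo',
       'access-list OUTSIDE-ACL extended permit tcp any host 203.0.113.10 eq smtp',
       'access-list OUTSIDE-ACL remark "IPS ALERT ACCESS TO BARACUDA"']
LOGS = ['%ASA-4-106023: Deny udp src outside:198.51.100.7/3478 dst Inside:203.0.113.1/51458 by access-group "OUTSIDE-ACL" [0x0, 0x0]',
        '%ASA-4-106023: Deny tcp src outside:198.51.100.9/2427 dst outside:203.0.113.1/445 by access-group "OUTSIDE-ACL" [0x0, 0x0]']

if __name__ == "__main__":
    for log in LOGS:
        pkt = parse_deny(log)
        print(pkt["proto"], pkt["dst"], pkt["dport"], "->", evaluate(ACL, pkt))
```

Both sample messages fall through to the implicit deny: the only entry naming the outside interface address matches UDP port 514 alone.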

New Member

Re: ASA syslog

Since this is a stateful firewall, does access to the firewall from outside that was not initiated from the inside produce a syslog message?
