I'm currently using an ASA 5540 with several basic access lists. I'm attempting to view the hit counts on a particular access list, specifically the 'deny any any' on the outside interface. Now, I can actually see the hit counts themselves increasing by either running the 'sh access-list' or by viewing the ASDM under Configuration/Firewall/Access Rules. The 'deny any any' acl is set to 'log informational', so I can see the hit counts increasing with each failed attempt to reach the outside interface. What I *want* to see is all failed traffic that is attempting to access that interface. Not just the hit counts themselves, but what those hits actually are.
Here are my log settings on the firewall currently
A few more details may be important: The outside interface is open from only one specific source IP. And it's only allowing in a custom TCP port, we'll call it TCP 56128. All is fine and well with that, as it works like it should.
So when I attempt to access the outside interface from an unallowed port like say, icmp, http, https, smtp, ftp, telnet, dns, ldap, netbios, or RDP, the real-time log viewer shows the failed attempt. Great!
BUT, when I try to access that outside interface from a different port that is not allowed like tftp or kerberos or a random tcp port like 56128, it does not log it. The hit count increases, but I don't see what the heck it is.
Am I missing something? Is there a way to tell the ASA "when you see this TCP port fail to reach the outside interface, show it in the log viewer"?