Hi all,
It's all about zone-based firewalling on an IOS router with 12.4(T) image.
Is there a possibility to log drops that are caused by an inspect action? For example, a packet with the TCP flag "ACK" is dropped because there was no initial "SYN", so the packet is out of state and dropped.
From a configuration point of view, it would look like the following:
I have a policy-map with different class-maps. One class-map for tcp-traffic inspection, one for udp inspection and one class-default with a drop action.
If there is an out-of-state TCP packet, it would match the tcp-traffic class-map and be dropped due to inspection. But there is no logging event for that.
I use 12.4(11)T4 with adv. IP services.
Edit:
When doing a "debug ip packet", I can see that the packet is dropped because of the inspection. But a debugging output won't help me, especially a debug ip packet in a live environment :-))
REMOTE-LBR1# debug ip packet detail
REMOTE-LBR1#
000331: *Jun 30 15:51:09.759 MESZ: IP: tableid=0, s=172.16.1.100 (FastEthernet0/1), d=10.134.128.1 (FastEthernet0/0), routed via FIB
000332: *Jun 30 15:51:09.763 MESZ: IP: s=172.16.1.100 (FastEthernet0/1), d=10.134.128.1 (FastEthernet0/0), len 40, dropped by inspect
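An illustrative zone-based firewall configuration with the structure described in the question (an added example, not the poster's own config; zone, class-map, policy-map and parameter-map names and the syslog host are assumed). `drop log` on class-default is the standard way to log the explicit drops; the global `ip inspect log drop-pkt` command is assumed to be the one that also logs packets discarded by inspect itself, such as the out-of-state ACK, and should be verified on 12.4(11)T4.

```cisco
! Added example, not the original poster's configuration.
! Zone, class-map, policy-map, parameter-map names and syslog host are assumed.
!
! Global: log packets dropped by the firewall, including out-of-state
! packets discarded by inspect (assumed to be available on 12.4(11)T4; verify).
ip inspect log drop-pkt
!
! Parameter map: record session creation and deletion in syslog.
parameter-map type inspect PARAMS-INSIDE-OUTSIDE
 audit-trail on
!
! Class maps: one for TCP inspection, one for UDP inspection (as in the question).
class-map type inspect match-any CM-TCP
 match protocol tcp
class-map type inspect match-any CM-UDP
 match protocol udp
!
! Policy map: inspect TCP and UDP; everything else is dropped AND logged.
policy-map type inspect PM-INSIDE-OUTSIDE
 class type inspect CM-TCP
  inspect PARAMS-INSIDE-OUTSIDE
 class type inspect CM-UDP
  inspect PARAMS-INSIDE-OUTSIDE
 class class-default
  drop log
!
! Zones and the inside -> outside zone pair (return traffic is handled by inspect state).
zone security INSIDE
zone security OUTSIDE
zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUTSIDE
!
! Interface assignment follows the debug output above: Fa0/1 is the source side.
interface FastEthernet0/1
 zone-member security INSIDE
interface FastEthernet0/0
 zone-member security OUTSIDE
!
! Send the drop messages to a collector instead of relying on console/debug output.
logging host 192.0.2.10
logging trap informational
```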