05-05-2009 04:35 AM - edited 03-06-2019 05:32 AM
Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.
Anybody have any ideas?
Thanks,
05-05-2009 05:30 AM
The implicit DENY ALL at the end of the ACL might not be logging the denied traffic.
05-05-2009 05:43 AM
At the end of each PM (self-in, self-out, in-out and out-in), there are two deny statements: deny any any and drop all unmatched. Each of those statements has the action to log messages. They are logging dropped packets, but some things are being dropped and not generating messages.