Cisco Support Community

New Member

Cisco 3845 IOS12.4 Advanced IP K9 not logging all denied traffic

Recently turned up a 3845. Using SDM I configured class-maps and policy-maps. I made sure to add "log" to every deny ACL. The router seems to be dropping some packets and I'm not seeing log messages. When I remove the router interfaces from the zone security (disabling the inspection) everything works just fine. So I know something is being dropped in the security configuration. I am also having problems with NAT when the inspection is active.

Anybody have any ideas?

Thanks,

2 REPLIES
Bronze

Re: Cisco 3845 IOS12.4 Advanced IP K9 not logging all denied tra

The implicit DENY ALL at the end of the ACL might not be logging the denied traffic.

New Member

Re: Cisco 3845 IOS12.4 Advanced IP K9 not logging all denied tra

At the end of each PM self-in, self-out, in-out and out-in, there are two deny statements, deny any any and drop all unmatched. Each of those statements has the action to log messages. They are logging dropped packets, but some things are being dropped and not generating messages.
