I have configured an 1600 equipped with IOS 11.2(18)P, and the firewall feature set using configmaker. I used all its default settings for the traffic flows defined. I have added additional IOS commands (to the relevant access-list) to force logging to syslog on an NT system using KIWI.
Evrything mostly seems fine, from the outside only desired ports are visible and from the inside users can use http, ftp, nntp just fine. However I am getting packet filter errors being logged from what seem to be legitimate traffic. I have noticed that a similar problem has been posted on this subject without apparently being fully resolved (Gordon.Cooper October 26th 2001).
examples of entries ib my log are:
SMTP:
Local7.Info 192.168.10.254 296: %SEC-6-IPACCESSLOGP: list 101 denied tcp "ispmailserver"(25) -> "my m/c"(5317)
HTTP:
Local7.Info 192.168.10.254 299: %SEC-6-IPACCESSLOGP: list 101 denied tcp "HP Web site"(80) -> "my m/c"(5270)
NNTP:
Local7.Info 192.168.10.254 373: %SEC-6-IPACCESSLOGP: list 101 denied tcp "UseNet server"(119) -> my m/c(5895)
Are these the result of the CBAC time windows, if so should these be adjusted and how.
Any others with similar experience?
Any help gratefully appreciated.
I am a bit of a CISCO newbie here.