When you implement an ACL (standard/extended etc), you can choose the option of "log-input" to output any packets that are allowed/disallowed as per your ACL. Is there a document that help you interpret this log output? For a specific example,:
Now I figured the router allowed an ICMP packet pass from host 126.96.36.199 to host 188.8.131.52. However, I am unsure what "(8/0)" means. What would be really good is a reasonably comprehensive document that explains how to intepret the log output in general . I've searched the Cisco website, but am struggling to find the relevant document.
Not sure if there's any documentation on this specifically.
For an ICMP ACL, the 8/0 refers to the ICMP type and code (type/code). These can be found in a multitude of places on the Internet, here's one (http://www.iana.org/assignments/icmp-parameters). For 8/0, this is an ICMP Echo packet (a ping).
For TCP/UDP ACL's, this value will just be one value (no / in there), and this will indicate the TCP/UDP port number. If I remember correctly, this number will show up on both the source and the destination IP addresses, indicating the source and destination port number in the packet.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...