Cisco Support Community
Community Member

Strange Info in ACL Log

I was playing with my ACL 101. Just for giggles I added a:

access-list 101 deny ip any any log

at the end to see just what would log. I am getting:

INP-2811#sh log | include denied
*Oct 10 21:46:28 PCTime: %SEC-6-IPACCESSLOGP: list 101 denied tcp RTR_Wan_Interface(0) -> IP_Phone_out_on_Internet(0), 1 packet
*Oct 10 21:46:29 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.197.71.134 (0/0), 1 packet
*Oct 10 21:46:33 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 24.13.209.193 (0/0), 1 packet
*Oct 10 21:47:15 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.162.61.143 (0/0), 1 packet
*Oct 10 21:47:22 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 218.87.219.117 (0/0), 1 packet
*Oct 10 21:48:25 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 202.101.231.213 (0/0), 1 packet
*Oct 10 21:51:08 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 201.129.37.82 (0/0), 1 packet
*Oct 10 21:51:12 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.182.0.43 (0/0), 1 packet
*Oct 10 21:51:23 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 61.233.40.230 (0/0), 1 packet
*Oct 10 21:51:45 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 24.13.209.193 (0/0), 63 packets
*Oct 10 21:51:45 PCTime: %SEC-6-IPACCESSLOGP: list 101 denied tcp RTR_Wan_Interface(0) -> IP_Phone_out_on_Internet(0), 155 packets
*Oct 10 21:52:46 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 218.87.219.117 (0/0), 3 packets
*Oct 10 21:52:56 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.27.192.35 (0/0), 1 packet
*Oct 10 21:53:22 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.117.214.161 (0/0), 1 packet
*Oct 10 21:54:35 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 38.131.6.53 (0/0), 1 packet
*Oct 10 21:54:40 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 38.131.86.78 (0/0), 1 packet
*Oct 10 21:56:46 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 24.13.209.193 (0/0), 62 packets
*Oct 10 21:56:46 PCTime: %SEC-6-IPACCESSLOGP: list 101 denied tcp RTR_Wan_Interface(0) -> IP_Phone_out_on_Internet(0), 51 packets

This ACL is applied to my router via the

route-map nonat permit 10
 match ip address 101

statement.

My question is:

1.) Are these requests coming from my router OUT to the internet, or are they coming inbound to my router?

I think they are going outbound to the internet.

2.) What does the (0/0) mean?

3 REPLIES
Silver

Re: Strange Info in ACL Log

Hi,

1. It looks outbound to me.

2. (0/0) is the ICMP Type / Code - which for 0 means "echo reply" - that is the response to a PING.

HTH

Kind Regards

Cathy

Gold

Re: Strange Info in ACL Log

access-list 101 deny ip any any log

route-map nonat permit 10
 match ip address 101

I assume you would have another statement similar to this:

ip nat inside source route-map nonat interface Dialer0 overload

With these commands, the router will not NAT/PAT any packet, so the log just shows you which packets have not been NATed/PATed. Further, since this ACL applies to the route-map, the traffic shown in the log would be outbound.

Just wondering out of curiosity if the internal user can access the internet, as currently the router doesn't perform NAT/PAT.

Community Member

Re: Strange Info in ACL Log

Yes, you are correct; I have a statement that reads:

ip nat inside source route-map nonat interface Serial0/1/0 overload

Yes, the users can access the internet. I would be in big trouble if I broke that, since they use a web app all day to conduct business.

So if this traffic is outbound from my router and I am NATing outgoing traffic, does the endless amount of (0/0) statements in the log mean I have something on my internal network that's doing ping sweeps to the internet? These appear in the log even when no one is on the network and PCs are left on.
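As an added example (not part of the thread, and not Cisco code), here is a small Python parser for the %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGDP lines quoted above. It decodes the ICMP type/code field that Cathy explains, sums the per-interval packet counts for each flow, and lists the distinct destinations each source sends echo replies to, which is the fan-out pattern the last post asks about. The sample input is constructed: a few lines copied from the thread plus one (8/0) echo-request line using documentation-range addresses; the ICMP name table covers only a handful of common type/code pairs.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

# Constructed sample: lines from the thread above, plus one hypothetical
# echo-request (8/0) line with documentation-range addresses.
SAMPLE_LOG = """\
*Oct 10 21:46:28 PCTime: %SEC-6-IPACCESSLOGP: list 101 denied tcp RTR_Wan_Interface(0) -> IP_Phone_out_on_Internet(0), 1 packet
*Oct 10 21:46:29 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 65.197.71.134 (0/0), 1 packet
*Oct 10 21:46:33 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 24.13.209.193 (0/0), 1 packet
*Oct 10 21:51:45 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp RTR_Wan_Interface -> 24.13.209.193 (0/0), 63 packets
*Oct 10 21:51:45 PCTime: %SEC-6-IPACCESSLOGP: list 101 denied tcp RTR_Wan_Interface(0) -> IP_Phone_out_on_Internet(0), 155 packets
*Oct 10 21:52:00 PCTime: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.10 -> 198.51.100.7 (8/0), 4 packets
"""

# A few common ICMP (type, code) pairs; anything else is reported numerically.
ICMP_NAMES = {
    (0, 0): "echo-reply",
    (3, 0): "net-unreachable",
    (3, 1): "host-unreachable",
    (3, 3): "port-unreachable",
    (3, 4): "fragmentation-needed",
    (8, 0): "echo-request",
    (11, 0): "ttl-exceeded-in-transit",
}

# IPACCESSLOGP lines carry src(port) -> dst(port); IPACCESSLOGDP lines carry
# src -> dst (type/code). Both end with ", N packet(s)".
LOG_RE = re.compile(
    r"^\*?(?P<ts>.*?): %SEC-6-(?P<msg>IPACCESSLOG\w+): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[^\s(]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[^\s(]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?"
)


def parse_acl_log_line(line: str) -> Optional[Dict]:
    """Parse one IOS ACL log line; return None for any other syslog message."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {
        "timestamp": m.group("ts"),
        "message": m.group("msg"),
        "acl": m.group("acl"),
        "action": m.group("action"),
        "proto": m.group("proto"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "packets": int(m.group("count")),
        "sport": int(m.group("sport")) if m.group("sport") else None,
        "dport": int(m.group("dport")) if m.group("dport") else None,
        "icmp_type": None,
        "icmp_code": None,
        "icmp_name": None,
    }
    if m.group("itype") is not None:
        t, c = int(m.group("itype")), int(m.group("icode"))
        rec["icmp_type"], rec["icmp_code"] = t, c
        rec["icmp_name"] = ICMP_NAMES.get((t, c), f"type-{t}/code-{c}")
    return rec


def parse_log(text: str) -> List[Dict]:
    """Parse every ACL log line in a 'show log' capture, skipping other messages."""
    return [r for r in (parse_acl_log_line(l) for l in text.splitlines()) if r]


def packets_per_flow(records: List[Dict]) -> Counter:
    """Sum the per-interval packet counts for each (src, dst, proto, detail) flow."""
    totals: Counter = Counter()
    for r in records:
        detail = r["icmp_name"] if r["proto"] == "icmp" else f"{r['sport']}->{r['dport']}"
        totals[(r["src"], r["dst"], r["proto"], detail)] += r["packets"]
    return totals


def icmp_fanout(records: List[Dict], icmp_name: str = "echo-reply") -> Dict[str, List[str]]:
    """Distinct destinations per source for one ICMP message type."""
    fan = defaultdict(set)
    for r in records:
        if r["proto"] == "icmp" and r["icmp_name"] == icmp_name:
            fan[r["src"]].add(r["dst"])
    return {src: sorted(dsts) for src, dsts in fan.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst, proto, detail), n in packets_per_flow(recs).most_common():
        print(f"{n:5d} pkts  {proto:4s} {src} -> {dst} ({detail})")
    for src, dsts in icmp_fanout(recs).items():
        print(f"{src}: echo-reply to {len(dsts)} distinct hosts")
```

Run it directly to print the flow totals. The counts jump (1 packet, then 63, then 62 for the same destination) because IOS logs the first matching packet immediately and then only a summary count per logging interval (five minutes by default), so the per-flow sums are what reflect real volume. Type 0 is the echo reply, i.e. the answer to an echo request that arrived from the listed host; a sweep launched from inside the network would instead show up as outbound (8/0) echo requests fanning out to many destinations, which is what the `icmp_fanout(recs, "echo-request")` view is for.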
