New Member

Strange

An ACL was created and is logging the packets denied, but the ACL is not applied to any interface or line. Why would this be creating log entries? Also, how can I determine which interface certain packets are arriving on?

1 REPLY
Bronze

Re: Strange

By default, when traffic is denied by an extended ACE or a Webtype ACE, the adaptive security appliance generates system message 106023 for each denied packet, in the following form:

%ASA|PIX-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_id

If the adaptive security appliance is attacked, the number of system messages for denied packets can be very large. We recommend that you instead enable logging using system message 106100, which provides statistics for each ACE and lets you limit the number of system messages produced. Alternatively, you can disable all logging.

You can configure the logging for an Access Control Entry to know about packets arriving:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/traffic.html#wp1061688
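
As an added example (not part of the original reply and not Cisco code): a small Python parser for the 106023 form quoted above that pulls out the `interface_name` in the `src` field, which is the interface the denied packet arrived on, and counts denies per interface and ACL. The sample log lines are constructed, and accepting both the `access_group` and `access-group` spellings is an assumption about device output.

```python
import re
from collections import Counter

# Pattern follows the 106023 form quoted in the reply. Ports and the ICMP
# "type, code" part are optional; both "access_group" and "access-group"
# spellings are accepted (assumption about what the device emits).
MSG_106023 = re.compile(
    r"%(?:ASA|PIX)-4-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(?type (?P<icmp_type>\w+), code (?P<icmp_code>\w+)\)?)?"
    r" by access[-_]group \"?(?P<acl>[^\"\s]+)\"?"
)

# Constructed sample lines (documentation address ranges, made-up ACL names).
SAMPLE = [
    '%ASA-4-106023: Deny tcp src outside:192.0.2.10/51234 '
    'dst inside:10.0.0.5/22 by access-group "outside_in"',
    '%ASA-4-106023: Deny udp src dmz:198.51.100.7/5353 '
    'dst inside:10.0.0.9/53 by access-group "dmz_in"',
    '%ASA-4-106023: Deny icmp src outside:192.0.2.44 '
    'dst inside:10.0.0.5 (type 8, code 0) by access-group "outside_in"',
    '%ASA-6-302013: Built inbound TCP connection 1 for '
    'outside:192.0.2.10/51235 (192.0.2.10/51235) to '
    'inside:10.0.0.5/443 (10.0.0.5/443)',  # not a deny; must be skipped
]


def parse_106023(line):
    """Return a dict of fields for a 106023 line, or None for anything else."""
    match = MSG_106023.search(line)
    return match.groupdict() if match else None


def denies_by_ingress(lines):
    """Count denied packets per (arrival interface, ACL name) pair."""
    counts = Counter()
    for line in lines:
        rec = parse_106023(line)
        if rec:
            counts[(rec["src_if"], rec["acl"])] += 1
    return counts


if __name__ == "__main__":
    for (iface, acl), n in denies_by_ingress(SAMPLE).most_common():
        print(f"{n:4d} denies arrived on {iface!r}, matched ACL {acl!r}")
```
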
