Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
3
Replies

What alert level show the source and dest ports on denied packets ?

jjaime
Level 1
Level 1

‎03-12-2003 09:05 AM - edited ‎03-09-2019 02:28 AM

Hello dear all,

I'm working with Pix IOS ver 5.3 and syslog servers. I need the know the source and destination ports from denied packets on internal and external interfaces of Pix.

I put the Pix alert level on informational, but only show me the IP source/dest and the protocol type ( tcp, udp...).

Ex: Mar 12 14:24:37 xxx.xxx.xxx.xxx Mar 12 2003 09:16:16: %PIX-4-106019: IP packet from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx, protocol udp received from interface "inside" deny by access-group "CSM-acl-inside

What is the alert level that show me the source and dest ports on denied packets ?

The problem with debug level is that show me also a lot of information that I not need.

Thanks a lot by your help.

=======================================

Julio Jaime

Americas Zone Security Administrator

Accor Services

jjaime@accorservices.com.ar

=======================================

Labels:
0 Helpful
3 Replies 3

gfullage
Cisco Employee
Cisco Employee

‎03-12-2003 03:36 PM

Syslog message 106019 was changed in a bunch of versions a while ago to include the port numbers (CSCdr68251). You can check the bug details here:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr68251&Submit=Search

to upgrade to a version that'll include those for you.

0 Helpful

shannong
Level 4
Level 4

‎03-12-2003 08:41 PM

As previously stated, upgrade and you'll get the port numbers included. Another "trick" is to place an "deny ip any any" at the end of your access-list. Functionally, this doesn't affect traffic any as all ACLs have an implicit deny at the end. The good news is that the Pix will log denies for the ACL at level 4 rather than level 6. (or is it 7?) The Pix considers explicit ACL denies a high priority than implicit denies.

0 Helpful

jjaime
Level 1
Level 1
In response to shannong

‎03-13-2003 05:28 AM

Thanks very much.

I'm glad with your answers.

JJ

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents