cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
292
Views
0
Helpful
1
Replies

Syslog problems

jstickland
Level 1
Level 1

I have the following ACL

access-list 100 permit tcp host 192.168.0.252 any eq www

access-list 100 permit tcp host 192.168.0.252 any eq 443

access-list 100 permit udp host 192.168.0.252 any eq 443

access-list 100 permit udp host 172.16.16.5 host 67.69.184.163 eq domain

access-list 100 permit tcp host 172.16.16.5 any eq www

access-list 100 permit tcp host 172.16.16.5 host 209.226.175.83 eq pop3

access-list 100 permit tcp host 172.16.16.5 host 209.226.175.63 eq smtp

access-list 100 permit tcp host 172.16.16.5 any eq 443

access-list 100 permit udp host 172.16.16.5 any eq 443

access-list 100 permit tcp host 172.16.16.2 host 172.16.16.1 eq telnet

access-list 100 permit tcp host 172.16.16.2 host 1.1.1.1 eq telnet

access-list 100 permit tcp host 172.16.16.5 eq 3389 host 10.10.10.2

access-list 100 permit tcp host 172.16.16.2 host 10.10.10.2 eq 65534

access-list 100 deny tcp any any log

access-list 100 deny udp any any log

access-list 100 deny ip any any log

I apply it to the inbound direction of an interface. Only broadcast traffic dropped by the ACL appears on the syslog server - no unicast.

for example,

telnet 1.2.3.4 1232

Does not show that the connection is being dropped, although it is, and is not forwarded out any interfaces.

1 Reply 1

mohammedmahmoud
Level 11
Level 11

Hi,

I've copied your exact configuration and it worked perfectly as shown in the attached file, please make sure that you've enabled logging buffered or that you are accessing the router via console.

I've even tried to telnet to another port other than 23 as you've done and i got this:

*Jul 24 11:42:38.821: %SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.146.4(60849) -> 155.1.146.1(1232), 1 packet

HTH,

Mohammed Mahmoud.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: