
We have a Cisco ASA5520 firewall, Access Rules are defined for each interface.

Explicit deny all command is not specified on the interface.

Logging is enabled on the firewall.

My question is,

When an IP address other than the allowed IP address tries to access, would that be logged?

e.g.:

A to B permit log=no

but

any to any deny log=yes is not mentioned

Hence, would IP A be logged if it tries to access C?

If yes, then what is the difference between firewall logs being enabled and the logging functionality in the Access Control Entry?

Vinod K

1 Answer


The answer is sometimes. If you want denies to be logged reliably, your best option is to put an explicit deny ip any any log at the end of your ACL. By default the ASA does not log ACL denies because it's just way too much traffic, but the functionality does exist. Unfortunately it's spread out over a bunch of different logging messages. There are separate messages for TCP/UDP/ICMP and other protocols. They start at syslog message 106001. To see which logging messages are enabled on your firewall, type show run all logging at the CLI.

resmon6
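To make the answer concrete, here is an added configuration example (not posted by either participant) showing the two situations the question contrasts: an ACE that permits without the log keyword, and the explicit deny ip any any log recommended in the answer so that everything the ACL rejects produces a syslog entry. The ACL name INSIDE_IN, the interface name and the host addresses are illustrative placeholders.

```text
! --- Before: only the permit is defined. Traffic that misses it is dropped by
! --- the implicit deny, and with ACL-deny logging off by default nothing is written.
access-list INSIDE_IN extended permit tcp host 10.0.0.5 host 192.0.2.10 eq 443
access-group INSIDE_IN in interface inside

! --- After: same permit (still not logged per-ACE), plus an explicit final deny
! --- with the log keyword so every rejected packet generates a 1060xx syslog message.
access-list INSIDE_IN extended permit tcp host 10.0.0.5 host 192.0.2.10 eq 443
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside

! --- Check which syslog messages are enabled or disabled on this unit
! --- (the command the answer refers to).
show run all logging
```

The explicit deny does not change what is allowed through the interface; it only makes the drops visible in the logs, which is the difference the question is asking about between global logging being enabled and the per-ACE log keyword.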