I actually have the same question. I have noticed that and I have no rhyme or reason for the difference. Not sure if it is a timing thing or what. It is very odd.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: [email protected] [mailto:[email protected]] On Behalf Of Jimmy Larsson
Sent: Thursday, July 08, 2010 3:00 AM
To: OSL Security
Subject: Re: [OSL | CCIE_Security] IOS interface access-list blocking what?

I don't get it. A few minutes later my log entries start to look like this:

    *Jul 8 07:03:40.147: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.51(1645) -> 192.168.1.61(1645), 1 packet
    *Jul 8 07:03:48.483: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.203(17500) -> 255.255.255.255(17500), 1 packet

And this, the very same outside-to-inside telnet attempt as in my last email:

    *Jul 8 07:05:11.691: %SEC-6-IPACCESSLOGP: list FW denied tcp 192.168.1.52(4229) -> 192.168.169.2(23), 1 packet

Please help me explain why...

/J

2010/7/8 Jimmy Larsson <[email protected]>

Guys

How do you guys handle this situation? You have a router with an inbound ACL on the outside interface that is blocking things:

    interface FastEthernet0
     descr Outside interface
     ip address 192.168.1.61 255.255.255.0
     ip access-group FW in
    !
    ip access-list extended FW
     deny ip any any log
    !

No inspection, no ZBFW, nothing. The problem is that the log entry from the access-list doesn't show me enough details of what is being blocked.
A few examples:

Return traffic for outbound RADIUS:

    *Jul 8 06:55:41.035: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.51(0) -> 192.168.1.255(0), 8 packets

Telnet traffic from an outside host to the inside router:

    *Jul 8 06:56:56.567: %SEC-6-IPACCESSLOGP: list FW denied tcp 192.168.1.52(0) -> 192.168.169.2(0), 1 packet

Garbage broadcast from a Windows host on the outside:

    *Jul 8 06:58:41.035: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.50(0) -> 192.168.1.255(0), 11 packets

How do I find out port details about the blocked traffic so that I can open them up (or not)? I know, it looks different when doing inspections.

/J

--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
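The %SEC-6-IPACCESSLOGP lines quoted in this thread are regular enough to triage with a script. The following Python is an added example (not from the thread, not IPexpert code): it parses constructed log lines modelled on the ones quoted, marks entries whose ports were logged as (0) so they are not mistaken for traffic to literal port 0, and totals denied packets per protocol and destination port for entries that do carry port information. The sample text, the AclLogEntry class and the function names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the IOS messages quoted in the thread.
SAMPLE_LOG = """\
*Jul 8 06:55:41.035: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.51(0) -> 192.168.1.255(0), 8 packets
*Jul 8 06:56:56.567: %SEC-6-IPACCESSLOGP: list FW denied tcp 192.168.1.52(0) -> 192.168.169.2(0), 1 packet
*Jul 8 07:03:40.147: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.51(1645) -> 192.168.1.61(1645), 1 packet
*Jul 8 07:03:48.483: %SEC-6-IPACCESSLOGP: list FW denied udp 192.168.1.203(17500) -> 255.255.255.255(17500), 1 packet
*Jul 8 07:05:11.691: %SEC-6-IPACCESSLOGP: list FW denied tcp 192.168.1.52(4229) -> 192.168.169.2(23), 1 packet
"""

# Fields of one IPACCESSLOGP message: ACL name, action, protocol, src(port) -> dst(port), count.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


@dataclass
class AclLogEntry:
    acl: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    count: int

    @property
    def ports_known(self) -> bool:
        # (0) on both sides means IOS did not record L4 ports for this message;
        # treat it as "unknown", not as a flow to port 0.
        return self.sport != 0 or self.dport != 0


def parse_acl_log(text: str) -> list:
    """Return one AclLogEntry per IPACCESSLOGP line; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            entries.append(AclLogEntry(m["acl"], m["action"], m["proto"], m["src"],
                                       int(m["sport"]), m["dst"], int(m["dport"]), int(m["count"])))
    return entries


def summarize_denied(entries: list) -> dict:
    """Total denied packets per (proto, dst port), using only entries with usable ports."""
    totals = {}
    for e in entries:
        if e.action == "denied" and e.ports_known:
            totals[(e.proto, e.dport)] = totals.get((e.proto, e.dport), 0) + e.count
    return totals
```

Entries with ports_known False are the ones to re-check once the same flow has been logged with ports, rather than being used to decide which ports to open.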
