Folks, Has someone had any use of the above said command while having CBAC firewall? I expected it to show me dropped packets that are not allowed inbound but the router was silent until I add "log" option to the incoming ACL. On the other hand it works good in ZFW:
Jul 31 10:31:48.122: %FW-6-DROP_PKT: Dropping Unknown-l7 session 200.13.111.12:52818 200.13.25.2:23 on zone-pair INSIDE-OUTSIDE class class-default due to DROP action found in policy-map with ip ident 0 Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
