Hi Kings,

In this case these packets should be different from packets dropped by an ACL? Can you please give me an example of a packet that is dropped by CBAC and reported by "FW-6-DROP_PKT"? I remember there's a table somewhere in the Cisco docs with specific conditions qualifying for a drop. I just want to simulate and confirm that I can see events generated by FW for dropped packets.

Eugene

From: Kingsley Charles <[email protected]>
Date: Tuesday, July 31, 2012 10:24 PM
To: Eugene Pefti <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [OSL | CCIE_Security] "ip inspect log drop-pkt" doesn't have any effect in CBAC

It informs the packets dropped by CBAC.

With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE #35914 (Security)

On Tue, Jul 31, 2012 at 5:13 PM, Eugene Pefti <[email protected]> wrote:

Folks,

Has someone had any use of the above said command while having CBAC firewall? I expected it to show me dropped packets that are not allowed inbound but the router was silent until I added the “log” option to the incoming ACL. On the other hand it works well in ZFW:

Jul 31 10:31:48.122: %FW-6-DROP_PKT: Dropping Unknown-l7 session 200.13.111.12:52818 200.13.25.2:23 on zone-pair INSIDE-OUTSIDE class class-default due to DROP action found in policy-map with ip ident 0

Eugene

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
