So I've been dutifully experimenting with changing my conduits to access-lists
as per the notes in the 5.2 docs. However, the info logged when a packet is
denied by an access-list seems rather lean, including no port information. To wit:
under 5.1 with a conduit, a telnet produces:
Oct 5 14:10:33 [128.118.y.1.2.2] %PIX-2-106001: Inbound TCP connection denied
from 128.118.w.x/3179 to 128.118.y.z/23 flags SYN on interface outside
Under 5.2(2) with an access list in place of the conduit, I get:
Oct 5 14:12:04 pix %PIX-4-106019: IP packet from 128.118.w.x to 128.118.y.z,
protocol tcp received from interface "outside" deny by access-group "acl-outside"
This is on a lab bench. The only conduits on the 5.1 pix are:
conduit permit tcp any eq 22 any
conduit permit udp any eq 22 any
On the 5.2 pix, the access-lists look like this:
access-list acl-outside permit tcp any any eq 22
access-list acl-outside permit udp any any eq 22
And that's all there is in the config. Both configs work as expected, but the
logging on the access-lists lacks information.
How do people do logging from their pixes? I've been through the manual, but
I'd be happy for someone to point out what I'm missing about detailed logging.
-JEff
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
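For anyone collecting these messages centrally, the difference between the two formats is easiest to see once both are normalised into one record shape. The following is an added example, not code from the original post: it parses the 106001 (conduit) and 106019 (access-group) deny messages quoted above into a common record, with the fields a given message type does not carry set to None. The regexes are hand-written against the exact message text shown in the post, and the sample log lines are constructed with RFC 5737 documentation addresses in place of the post's redacted 128.118.x.x hosts.

```python
"""Normalise PIX 106001 / 106019 deny messages into one record shape.

Added example, not from the original post. The two regexes are written
against the exact message formats quoted in the post; the sample lines
below are constructed with RFC 5737 documentation addresses.
"""
import re
from typing import Dict, List, Optional

# 106001: connection denied, carries addresses AND ports (what a conduit logs).
RE_106001 = re.compile(
    r"%PIX-(?P<sev>\d)-106001: (?P<dir>\w+) (?P<proto>\w+) connection denied "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<iface>\S+)"
)

# 106019: packet denied by access-group, carries addresses only, no ports.
RE_106019 = re.compile(
    r'%PIX-(?P<sev>\d)-106019: IP packet from (?P<src>[\d.]+) to (?P<dst>[\d.]+), '
    r'protocol (?P<proto>\w+) received from interface "(?P<iface>[^"]+)" '
    r'deny by access-group "(?P<acl>[^"]+)"'
)


def parse_pix_deny(line: str) -> Optional[Dict[str, object]]:
    """Return a normalised record for a PIX deny message, or None if unrecognised.

    Fields a message type does not carry (ports for 106019, the ACL name for
    106001) are set to None, so a consumer can see what the log did not say.
    """
    m = RE_106001.search(line)
    if m:
        return {
            "msg_id": "106001",
            "proto": m.group("proto").lower(),
            "src": m.group("src"), "sport": int(m.group("sport")),
            "dst": m.group("dst"), "dport": int(m.group("dport")),
            "iface": m.group("iface"),
            "acl": None,
        }
    m = RE_106019.search(line)
    if m:
        return {
            "msg_id": "106019",
            "proto": m.group("proto").lower(),
            "src": m.group("src"), "sport": None,
            "dst": m.group("dst"), "dport": None,
            "iface": m.group("iface"),
            "acl": m.group("acl"),
        }
    return None


def denies_without_ports(lines: List[str]) -> List[Dict[str, object]]:
    """Parse lines and return the deny records that carry no port information."""
    out = []
    for line in lines:
        rec = parse_pix_deny(line)
        if rec is not None and rec["dport"] is None:
            out.append(rec)
    return out


# Constructed sample lines in the two formats quoted in the post.
SAMPLE_LOG = [
    "Oct 5 14:10:33 [192.0.2.1] %PIX-2-106001: Inbound TCP connection denied "
    "from 192.0.2.10/3179 to 198.51.100.5/23 flags SYN on interface outside",
    'Oct 5 14:12:04 pix %PIX-4-106019: IP packet from 192.0.2.10 to 198.51.100.5, '
    'protocol tcp received from interface "outside" deny by access-group "acl-outside"',
]

if __name__ == "__main__":
    for rec in map(parse_pix_deny, SAMPLE_LOG):
        print(rec)
    print("records lacking ports:", len(denies_without_ports(SAMPLE_LOG)))
```

Run as-is it prints both records; the second one comes back with sport and dport as None and the ACL name filled in, which is exactly the gap the post describes.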