-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco knows about this;

since 5.1(2) Cisco has been saying that they will fix this in the next release.

It's horrible: with ACLs you have to use debug for details about denied packets
:\



Pietrosanti  Fabio          I.NET SpA, High Quality Access to the Internet
e-mail:  [EMAIL PROTECTED]           ( Direzione Tecnica, Gruppo Firewall )
         [EMAIL PROTECTED]
PGP Key (DSS)                           http://naif.itapac.net/naif.asc
ICQ ( under testing) : 93258985

Home Page URL:            http://www.inet.it
Sede:                     Via Caldera, 21 20153 Milano
Tel:                      02-409061 Fax: 02-40906303
 --
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS


On Thu, 5 Oct 2000, Jeff Wolfe wrote:

> 
> 
> So I've been dutifully experimenting with changing my conduits to access-lists 
> as per the notes in the 5.2 docs. However, the info logged when a packet is 
> denied by an access-list seems rather lean, including no port information. To wit:
> 
> Under 5.1 with a conduit, a telnet 
> produces:
> Oct  5 14:10:33 [128.118.y.1.2.2] %PIX-2-106001: Inbound TCP connection denied 
> from 128.118.w.x/3179 to 128.118.y.z/23 flags SYN  on interface outside
> 
> Under 5.2(2) with an access list in place of the conduit, I get:
> Oct  5 14:12:04 pix %PIX-4-106019: IP packet from 128.118.w.x to 128.118.y.z, 
> protocol tcp received from interface "outside" deny by access-group "acl-outside"
> 
> This is on a lab bench. The only conduits on the 5.1 pix are:
> conduit permit tcp any eq 22 any 
> conduit permit udp any eq 22 any 
> 
> On the 5.2 pix, the access-lists look like this:
> access-list acl-outside permit tcp any any eq 22 
> access-list acl-outside permit udp any any eq 22 
> 
> And that's all there is in the config. Both configs work as expected, but the 
> logging on the access-lists lacks information. 
> 
> How do people do logging from their pixes? I've been through the manual, but 
> I'd be happy for someone to point out what I'm missing about detailed logging.
> 
> 
> -JEff
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iD8DBQE53X8tdK5I1NnlcMYRAvedAKCNFq/lpnNMK9EwsOqCJBE10QXZ4QCghwd+
4VkZOIr7655OiYKAxegDc7Q=
=cWjU
-----END PGP SIGNATURE-----
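For anyone feeding both message types into the same log pipeline, here is an added example (not part of the original thread) that normalizes the two syslog lines quoted above and marks 106019 events as carrying no port data instead of guessing one. The function name `parse_pix_deny`, the field names and the `has_ports` flag are assumptions of this sketch, and the patterns cover only the two formats shown in the post.

```python
import re

# Only the two message layouts quoted in the thread are handled.
# Addresses are matched as opaque tokens because the post redacts octets.
HEADER = re.compile(r"%PIX-(?P<severity>\d)-(?P<msg_id>\d{6}):\s*(?P<body>.*)")
PATTERNS = {
    "106001": re.compile(
        r"Inbound (?P<proto>\S+) connection denied from "
        r"(?P<src>[^/\s]+)/(?P<sport>\d+) to (?P<dst>[^/\s]+)/(?P<dport>\d+) "
        r"flags (?P<flags>.+?)\s+on interface (?P<iface>\S+)"),
    "106019": re.compile(
        r'IP packet from (?P<src>\S+) to (?P<dst>[^,\s]+), '
        r'protocol (?P<proto>\S+) received from interface "(?P<iface>[^"]+)" '
        r'deny by access-group "(?P<acl>[^"]+)"'),
}
FIELDS = ("proto", "src", "sport", "dst", "dport", "iface", "acl", "flags")

def parse_pix_deny(line):
    """Return a normalized dict for a PIX deny line, or None if unrecognized."""
    head = HEADER.search(line)
    if not head or head["msg_id"] not in PATTERNS:
        return None
    m = PATTERNS[head["msg_id"]].search(head["body"])
    if not m:
        return None
    event = dict.fromkeys(FIELDS)      # fields the message lacks stay None
    event.update(m.groupdict())
    event.update(proto=event["proto"].lower(),
                 severity=int(head["severity"]), msg_id=head["msg_id"])
    for key in ("sport", "dport"):
        if event[key] is not None:
            event[key] = int(event[key])
    # Port-based rules (e.g. "alert on denied telnet") cannot evaluate these.
    event["has_ports"] = event["dport"] is not None
    return event

# Sample lines copied from the post above, with the mail line wraps joined.
SAMPLES = [
    "Oct  5 14:10:33 [128.118.y.1.2.2] %PIX-2-106001: Inbound TCP connection denied "
    "from 128.118.w.x/3179 to 128.118.y.z/23 flags SYN  on interface outside",
    'Oct  5 14:12:04 pix %PIX-4-106019: IP packet from 128.118.w.x to 128.118.y.z, '
    'protocol tcp received from interface "outside" deny by access-group "acl-outside"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pix_deny(sample))
```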
