[lopsa-tech] Cisco ASA 8.2(2) ICMP logging annoyance

Fri, 10 Dec 2010 07:28:51 -0800 

My Google-fu is coming up empty on this one, so I'm wondering if any of you 
have encountered this and/or been able to deal with it...

The Cisco firewall products I've previously used (including PIXes several years 
ago and currently an FWSM 3.2(18)) logged ICMP echo-request/echo "connections" 
just like any other "connection."  They generated one log entry when the series 
of pings started, and then another log entry when the series of pings ended.   
Like this:

Dec 10 2010 09:23:50: %FWSM-6-302020: Built outbound ICMP connection for faddr 
64.62.173.39/1024 gaddr 216.165.132.252/30981 laddr 10.6.204.220/8
Dec 10 2010 09:23:56: %FWSM-6-302021: Teardown ICMP connection for faddr 
64.62.173.39/1024 gaddr 216.165.132.252/30981 laddr 10.6.204.220/8

For some reason, our new ASA 8.2(2) is logging a connection build/teardown 
sequence for each and every echo-request/echo combination that goes through, as 
shown below.   Has anyone figured out a way to get the ASA to exhibit the 
logging behavior noted above instead?

Dec 10 2010 15:19:58: %ASA-6-302020: Built outbound ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:19:58: %ASA-6-302021: Teardown ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:19:59: %ASA-6-302020: Built outbound ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:19:59: %ASA-6-302021: Teardown ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:20:00: %ASA-6-302020: Built outbound ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:20:00: %ASA-6-302021: Teardown ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:20:01: %ASA-6-302020: Built outbound ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024
Dec 10 2010 15:20:01: %ASA-6-302021: Teardown ICMP connection for faddr 
199.204.56.2/0 gaddr 199.204.56.15/57035 laddr 10.6.204.220/1024


===
Jeremy Charles
Epic - Computer and Technology Services Division
[email protected]

Phone:  608-271-9000   Fax:  608-271-7237


_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/

Reply via email to