For example:
access-list inside line 1 permit ip 10.20.30.0 255.255.255.0 any
access-list inside line 2 deny ip any any
Firewall syslog message 106023 is generated for packets denied by an access control entry (ACE) that does not have the log keyword present.
Jul 27 2010 00:10:18: %ASA-4-106023: Deny tcp src outside:10.21.30.3/2120 dst inside:100.2.4.1/80 by access-group "inside"
————————————————————————
If you enter the log option without any arguments, you enable system log message 106100 at the default level (6).
Example:
access-list inside line 1 permit ip 10.20.30.0 255.255.255.0 any
access-list inside line 2 deny ip any any log
Jul 27 2010 00:10:18: %ASA-6-106100: access-list OUTSIDE denied tcp outside/10.21.30.3(2121) -> inside/100.2.4.1(105) hit-cnt 1 first hit [0x22e8ac21, 0x0]
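As an added example (not part of the original post), this Python snippet parses the two message formats shown above into one record shape and totals denied hits per source address. The function names and the third sample line are constructed for illustration, and only the TCP/UDP form of 106023 is handled.

```python
import re
from collections import Counter

# 106023: packet denied by an ACE that has no log keyword (TCP/UDP form only)
RE_106023 = re.compile(
    r'%ASA-(?P<sev>\d)-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group ["“](?P<acl>[^"”]+)["”]')

# 106100: packet permitted or denied by an ACE that has the log keyword
RE_106100 = re.compile(
    r'%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) '
    r'(?P<proto>\S+) (?P<src_if>[^/]+)/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> '
    r'(?P<dst_if>[^/]+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\) hit-cnt (?P<hits>\d+)')

# First two lines are the messages quoted in the post; the third is constructed.
SAMPLE = [
    'Jul 27 2010 00:10:18: %ASA-4-106023: Deny tcp src outside:10.21.30.3/2120 dst inside:100.2.4.1/80 by access-group "inside"',
    'Jul 27 2010 00:10:18: %ASA-6-106100: access-list OUTSIDE denied tcp outside/10.21.30.3(2121) -> inside/100.2.4.1(105) hit-cnt 1 first hit [0x22e8ac21, 0x0]',
    'Jul 27 2010 00:10:19: %ASA-6-106100: access-list inside permitted tcp inside/10.20.30.5(40000) -> outside/100.2.4.9(443) hit-cnt 1 first hit [0x0, 0x0]',
]

def parse_acl_event(line):
    """Return a dict for a 106023 or 106100 line, or None for anything else."""
    m = RE_106023.search(line)
    if m:
        ev = m.groupdict()
        # 106023 is always a deny and is emitted once per denied packet
        ev.update(msg_id="106023", action="denied", hits="1")
    else:
        m = RE_106100.search(line)
        if not m:
            return None
        ev = m.groupdict()
        ev["msg_id"] = "106100"
    for key in ("sev", "src_port", "dst_port", "hits"):
        ev[key] = int(ev[key])
    return ev

def denied_by_source(lines):
    """Total denied hits per source IP across both message types."""
    counts = Counter()
    for line in lines:
        ev = parse_acl_event(line)
        if ev and ev["action"] == "denied":
            counts[ev["src_ip"]] += ev["hits"]
    return counts
```

Because 106023 arrives at severity 4 and 106100 at severity 6 by default, a collector that filters on severity alone will see only one of the two deny formats.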