Solved

ASA ACL ip logging

Posted on 2013-12-18
Last Modified: 2014-02-14
I need help with my ASA. I know there is a way to see what IPs are hitting a certain IP address/interface on our ASA, but I can't remember how to see the information.

We have a customer that says they are getting dropped by our firewall off our DMZ interface. I don't think this is happening because I don't have any policies like this. I need to be able to get them to try and get to a web server while I look at the firewall and see what the firewall is doing with their IP, or if they are even making it to us.

Can someone give me the command I would need to set this up? Is it possible through the GUI? I didn't see anything that would help. I've done this before but can't figure it out now.

Thanks.
0
Question by:pclark6127
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728458
Hello, you can use packet tracer either in the ASDM plugin (Tools menu) or via the CLI, for example with the command:
packet-tracer input inet icmp 192.168.1.1 0 0 10.1.1.1
If it says packet forwarded, it means your rules give access to that traffic.
Also, you can see hits in the ACL with the command
show access-list
And of course you can see the log with the command
show logging
If it is not enabled, you must enable it with
logging buffered informational
in configuration mode.
0
 
LVL 1

Author Comment

by:pclark6127
ID: 39728503
Hello,

Packet tracer actually generates the traffic, correct? I want to be able to tell the person from their location to try and hit the DMZ on our ASA, and I want to be able to see if their IP hits the DMZ interface on our firewall.

Packet tracer can't do that for me, correct? It can only generate traffic, correct? Or is it more of a what-if type of thing, where I'm telling it that if I have traffic coming from x.x.x.x, show me what will happen to it, and I don't actually have to have the traffic coming from that location, if that makes sense?

Thanks...
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 2000 total points
ID: 39731087
Packet tracer checks your configuration. If it passes, that means your configuration is working well. It doesn't generate actual traffic, of course. You will find the actual information in show access-list and show logging, if you enabled it before.
0
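An added example to go with the thread above (not code from any poster): once `logging buffered informational` is on and the customer retries, this Python sketch filters saved `show logging` output for their source IP and reports whether the ASA built or denied their connections. The log lines, addresses and ACL name are constructed samples; 106023 (deny by access-group) and 302013/302015 (built TCP/UDP connection) are standard ASA syslog message IDs.

```python
import re

# Constructed sample of `show logging` buffer output (documentation-range addresses).
SAMPLE_LOG = """\
Dec 18 2013 10:01:02: %ASA-6-302013: Built inbound TCP connection 4411 for outside:203.0.113.10/51234 (203.0.113.10/51234) to dmz:192.0.2.80/80 (192.0.2.80/80)
Dec 18 2013 10:01:05: %ASA-4-106023: Deny tcp src outside:203.0.113.10/51240 dst dmz:192.0.2.80/8080 by access-group "outside_access_in" [0x0, 0x0]
Dec 18 2013 10:01:07: %ASA-6-302013: Built inbound TCP connection 4412 for outside:198.51.100.7/40000 (198.51.100.7/40000) to dmz:192.0.2.80/80 (192.0.2.80/80)
Dec 18 2013 10:01:09: %ASA-6-302014: Teardown TCP connection 4411 for outside:203.0.113.10/51234 to dmz:192.0.2.80/80 duration 0:00:07 bytes 5120 TCP FINs
"""

# 106023: Deny <proto> src IF:IP/port dst IF:IP/port by access-group "<acl>"
DENY = re.compile(r'%ASA-4-106023: Deny (\S+) src (\S+?):([\d.]+)/(\d+) '
                  r'dst (\S+?):([\d.]+)/(\d+) by access-group "([^"]+)"')
# 302013/302015: Built inbound TCP|UDP connection N for IF:IP/port (...) to IF:IP/port (...)
# Assumption: on an inbound connection the "for" address is the remote initiator.
BUILT = re.compile(r'%ASA-6-30201[35]: Built inbound (\w+) connection \d+ '
                   r'for (\S+?):([\d.]+)/(\d+) \(.*?\) to (\S+?):([\d.]+)/(\d+)')


def trace_source(log_text, src_ip):
    """Return (verdict, events) for deny/built lines whose source is src_ip."""
    events = []
    for line in log_text.splitlines():
        d = DENY.search(line)
        if d and d.group(3) == src_ip:
            dst = f"{d.group(5)}:{d.group(6)}/{d.group(7)}"
            events.append(("denied", d.group(1).lower(), dst, d.group(8)))
            continue
        b = BUILT.search(line)
        if b and b.group(3) == src_ip:
            dst = f"{b.group(5)}:{b.group(6)}/{b.group(7)}"
            events.append(("built", b.group(1).lower(), dst, None))
    actions = {e[0] for e in events}
    if not actions:
        verdict = "not seen"   # never reached the ASA, or logging was off / buffer wrapped
    elif actions == {"denied"}:
        verdict = "denied"
    elif actions == {"built"}:
        verdict = "permitted"
    else:
        verdict = "mixed"      # some flows allowed, others dropped by an ACL
    return verdict, events


if __name__ == "__main__":
    verdict, events = trace_source(SAMPLE_LOG, "203.0.113.10")
    print(verdict)
    for action, proto, dst, acl in events:
        print(f"  {action:7} {proto} -> {dst}" + (f" (ACL {acl})" if acl else ""))
```

A "not seen" result only means no matching line is in the buffer; compare it with the hit counts from `show access-list` before concluding the traffic never arrived.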
