Solved

ASA ACL ip logging

Posted on 2013-12-18
3
265 Views
Last Modified: 2014-02-14
I need help with my ASA.  I know there is a way to see what IP's are hitting a certain IP address/interface on our ASA but I can't remember how to see the information.

We have a customer that says they are getting dropped by our firewall off our DMZ interface.  I don't think this is happening because I don't have any policies like this.  I need to be able to get them to try and get to a web server while I look at the firewall and see what the firewall is doing with their IP or if they are even making it to us.

Can someone give me the command I would need to set this up?   Is it possible through the GUI?  I didn't see anything that would help.  I've done this before but can't figure it out now.  

                          Thanks..
0
Comment
Question by:pclark6127
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728458
Hello, you can use packet tracer either in ASDM plugin(tools menu) or via cli by command for example:
packet-tracer input inet icmp 192.168.1.1 0 0 10.1.1.1
If it says packet forwarded it means you rules give access to that traffic.
Also you can see hits in ACL by command
show access-list
And of course you can see log by  command
show logging
If it is not enabled you must enable it by
logging buffered informational
in configuration mode.
0
 
LVL 1

Author Comment

by:pclark6127
ID: 39728503
Hello,

Packet tracer actually generates the traffic correct?  I want to be able to tell the person from their location to try and hit the DMZ on our ASA and I want to be able to see if their IP hits the DMZ interface on our firewall.

Packet tracer can't do that for me correct?  It can only generate traffic correct or is it more of a what if type of thing where I'm telling it that if I have traffic coming from x.x.x.x show me what will happen to it and I don't actually have to the traffic coming from that location if that makes sense.

Thanks...
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 500 total points
ID: 39731087
Packet tracer does check of you configuration. If It passes that means you configuration is working well. It doesn't generate actual traffic of course. Actual information you will find in show access-list and show logging if you enable it before.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question