Solved

ASA ACL ip logging

Posted on 2013-12-18
Last Modified: 2014-02-14
I need help with my ASA. I know there is a way to see what IPs are hitting a certain IP address/interface on our ASA, but I can't remember how to see the information.

We have a customer that says they are getting dropped by our firewall off our DMZ interface.  I don't think this is happening because I don't have any policies like this.  I need to be able to get them to try and get to a web server while I look at the firewall and see what the firewall is doing with their IP or if they are even making it to us.

Can someone give me the command I would need to set this up?   Is it possible through the GUI?  I didn't see anything that would help.  I've done this before but can't figure it out now.  

Thanks..
Question by:pclark6127
3 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728458
Hello, you can use packet tracer either in the ASDM plugin (Tools menu) or via the CLI, for example with the command:
packet-tracer input inet icmp 192.168.1.1 0 0 10.1.1.1
If it says packet forwarded, it means your rules give access to that traffic.
You can also see hits in the ACL with the command
show access-list
And of course you can see the log with the command
show logging
If it is not enabled, you must enable it with
logging buffered informational
in configuration mode.
 
LVL 1

Author Comment

by:pclark6127
ID: 39728503
Hello,

Packet tracer actually generates the traffic, correct? I want to be able to tell the person from their location to try and hit the DMZ on our ASA, and I want to be able to see if their IP hits the DMZ interface on our firewall.

Packet tracer can't do that for me, correct? It can only generate traffic, correct? Or is it more of a what-if type of thing, where I'm telling it that if I have traffic coming from x.x.x.x, show me what will happen to it, and I don't actually have to have the traffic coming from that location, if that makes sense?

Thanks...
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 2000 total points
ID: 39731087
Packet tracer does a check of your configuration. If it passes, that means your configuration is working well. It doesn't generate actual traffic, of course. You will find the actual information in show access-list and show logging, if you enabled it before.
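
To act on the accepted answer's pointer to show logging, here is an added example (not code from the thread) that sorts pasted buffer output into denied, permitted or not seen for one client IP. The sample lines are constructed from the ASA 106023 and 302013/302014/302015 message formats with documentation addresses; the `dmz` interface name and `outside_access_in` ACL name are assumptions.

```python
import re

# Constructed `show logging` buffer lines (documentation addresses, assumed names).
SAMPLE_LOG = """\
Dec 18 2013 10:15:01: %ASA-6-302013: Built inbound TCP connection 4411 for outside:198.51.100.7/40112 (198.51.100.7/40112) to dmz:192.0.2.20/80 (192.0.2.20/80)
Dec 18 2013 10:15:04: %ASA-4-106023: Deny tcp src outside:203.0.113.10/51234 dst dmz:192.0.2.20/80 by access-group "outside_access_in" [0x0, 0x0]
Dec 18 2013 10:15:09: %ASA-4-106023: Deny tcp src outside:203.0.113.10/51235 dst dmz:192.0.2.20/80 by access-group "outside_access_in" [0x0, 0x0]
Dec 18 2013 10:15:12: %ASA-6-302014: Teardown TCP connection 4411 for outside:198.51.100.7/40112 to dmz:192.0.2.20/80 duration 0:00:11 bytes 5120 TCP FINs
"""

# interface:address[/port]; the port is absent on ICMP deny lines.
ENDPOINT = r"(?P<{0}if>[^:\s]+):(?P<{0}ip>[\d.]+)(?:/(?P<{0}port>\d+))?"
DENY = re.compile(r"%ASA-4-106023: Deny (?P<proto>\S+) src " + ENDPOINT.format("a")
                  + r" dst " + ENDPOINT.format("b") + r'.* by access-group "(?P<acl>[^"]+)"')
BUILT = re.compile(r"%ASA-6-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) "
                   r"connection \d+ for " + ENDPOINT.format("a")
                   + r" \([^)]*\) to " + ENDPOINT.format("b"))


def triage(log_text, client_ip, iface="dmz"):
    """Return (verdict, events) for client_ip on traffic that touches iface."""
    events = []
    for line in log_text.splitlines():
        for kind, rx in (("deny", DENY), ("built", BUILT)):
            m = rx.search(line)
            # Exact address comparison (a substring filter for 10.1.1.1 would
            # also hit 10.1.1.10). Built lines do not always list the
            # initiator first, so either endpoint may be the client.
            if m and client_ip in (m["aip"], m["bip"]) and iface in (m["aif"], m["bif"]):
                target = f'{m["bip"]}/{m["bport"] or "-"}'
                events.append((kind, m["proto"].lower(), target,
                               m.groupdict().get("acl")))
    kinds = {e[0] for e in events}
    if not kinds:
        verdict = "not seen"   # never reached the ASA, or not logged at this level
    elif kinds == {"deny"}:
        verdict = "denied"     # an ACL dropped it; events carry the ACL name
    elif kinds == {"built"}:
        verdict = "permitted"  # a connection was built, so the ASA passed it
    else:
        verdict = "mixed"
    return verdict, events


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "203.0.113.10"))
```

A "not seen" verdict is only meaningful if the buffer was logging at informational level while the customer made the attempt, as the first answer describes.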