Solved

ASA ACL ip logging

Posted on 2013-12-18
3
271 Views
Last Modified: 2014-02-14
I need help with my ASA.  I know there is a way to see what IP's are hitting a certain IP address/interface on our ASA but I can't remember how to see the information.

We have a customer that says they are getting dropped by our firewall off our DMZ interface.  I don't think this is happening because I don't have any policies like this.  I need to be able to get them to try and get to a web server while I look at the firewall and see what the firewall is doing with their IP or if they are even making it to us.

Can someone give me the command I would need to set this up?   Is it possible through the GUI?  I didn't see anything that would help.  I've done this before but can't figure it out now.  

                          Thanks..
0
Comment
Question by:pclark6127
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728458
Hello, you can use packet tracer either in ASDM plugin(tools menu) or via cli by command for example:
packet-tracer input inet icmp 192.168.1.1 0 0 10.1.1.1
If it says packet forwarded it means you rules give access to that traffic.
Also you can see hits in ACL by command
show access-list
And of course you can see log by  command
show logging
If it is not enabled you must enable it by
logging buffered informational
in configuration mode.
0
 
LVL 1

Author Comment

by:pclark6127
ID: 39728503
Hello,

Packet tracer actually generates the traffic correct?  I want to be able to tell the person from their location to try and hit the DMZ on our ASA and I want to be able to see if their IP hits the DMZ interface on our firewall.

Packet tracer can't do that for me correct?  It can only generate traffic correct or is it more of a what if type of thing where I'm telling it that if I have traffic coming from x.x.x.x show me what will happen to it and I don't actually have to the traffic coming from that location if that makes sense.

Thanks...
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 500 total points
ID: 39731087
Packet tracer does check of you configuration. If It passes that means you configuration is working well. It doesn't generate actual traffic of course. Actual information you will find in show access-list and show logging if you enable it before.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question