Firewall Wizards mailing list archives
Re: Fw: cisco pix does not log traffic targetted to itself?
From: Kevin Steves <stevesk () pobox com>
Date: Mon, 13 Jan 2003 17:12:48 -0800
On Mon, Jan 13, 2003 at 07:25:25AM -0500, Brian Ford wrote:
> > i'm told you can assign multiple interfaces the same security level
>
> No.

i did find the source of that information, and it was something i had read. in "cisco secure pix firewalls" pg. 55 it says: "While it is possible to configure two or more interfaces with the same ASA Security Level, it is not a TAC-supported configuration".

> Regarding the original question: Sure it does.

the original question concerned traffic to self, and my testing shows: no, all traffic to the pix itself that is dropped is not logged. simple test, telnet to port 81 on the outside IP (assuming no static). i don't see a log entry.

> And there is a "deny all" at the end of an ACL in PIX (just like in IOS).

yes, but does an access list for traffic to self apply? even with:

  access-list outside-in deny ip any any
  access-group outside-in in interface outside

i can ping outside unless i do:

  icmp deny any outside