RE: Cisco ACL doubt

["David Gillett" <gillettdavid () fhda edu>]

  Your mystification suggests that you have written "log-input" 
where in fact you meant to write "log".  Although I have not yet 
managed to imagine a need for the feature, the "log-input" 
feature is behaving exactly as documented by Cisco, and if that 
behaviour is not what you want then you should use the feature 
whose behaviour more closely matches your need.

David Gillett

> -----Original Message-----
> From: 345345 () gmail com [mailto:345345 () gmail com]
> Sent: Sunday, July 03, 2005 7:09 AM
> To: security-basics () securityfocus com
> Subject: Cisco ACL doubt
>
>
> Hello people,
>
> I have the following ACL attached to the external serial (ISP 
> link) of my Cisco 805 Router. 
>
> access-list 102 remark Egress Filtering ACL
> access-list 102 permit ip host 100.100.20.34 any
> access-list 102 permit ip host 100.100.14.102 any log-input
> access-list 102 deny   ip any any log-input
>
> And I keep getting lots of log messages from the router (just 
> like the one here!)
>
> 2005-07-02 14:13:37   Local5.Info     192.168.0.254   12112: 
> 012109: *Mar  1 17:38:03.975 GMT: %SEC-6-IPACCESSLOGP: list 
> 102 denied tcp 200.227.70.210(0) (Serial0 DLCI 100) -> 
> 100.100.20.53(0), 1 packet
>
>
> As far as I can see, those messages tell that the router has 
> blocked an incoming packet on Interface Serial 0. The Big 
> question is: Why does the router reports this incoming packet 
> related to ACL 102 if this ACL is attached to the Serial 0 OUT???
>
> interface Serial0
>  ip access-group 102 out
>
> Thanks in advance for any help.
>
> Best regards,
>
> Jasho Mendinka.
>
> Ps.: in case one needs additional info, please contact me on 
> my e-mail, or I can send more infos if is the common interest.