Re: [fw-wiz] PIX VPN Logging question

Robert Driscoll wrote:
There is another access_list that lists all the offices, it gets applied to a "NAT 0" rule. I have tried to append log 4 and log disable as well.

I wonder if it's a case where I need to add it to all the entries in the access_list.

Hi, I think you should append the log 4 to the access-list you have
applied to the inside interface (with the access-group command) (if the
"offending" logging lines are generated by traffic matching that
access-list (built and teardown connections etc...)). What PIX version
are you running? Can you post some of the logging lines you don't want
to see in your logs (hiding the sensitive data)?

firewall-wizards mailing list
