I have an 827 installed at another location with the below partial config. When I send UDP & TCP Packets using a (FREE) tool to send UDP & TCP packets to a target (SimpleComTools.com), nothing registers in the log, I can see ICMP pings in the log, but nothing else in my inbound access list # 111 other than expected traffic which is being explicitly blocked & permitted. I'm sending traffic to the ports & protocols not explicitly listed in the access list, so I would expect it to fall to the bottom of the access list and be logged by the last
2 TCP & UDP permit lists. Even if I move the last permits to the top of the access list, I still don't see anything. The problem is that I have logging turned on, and nothing is being logged on the log.... see below... Access List111 is the Inbound Access List....hostname 827 ! boot-start-marker boot-end-marker ! logging exception 16384 logging count logging buffered 65536 informational no logging rate-limit
access-list 111 deny udp any any range 1000 1050 access-list 111 deny udp any any range 135 netbios-ss access-list 111 deny tcp any any range 135 139 access-list 111 deny tcp any any range 1433 1434 access-list 111 deny udp any any eq 2 access-list 111 deny udp any 192.168.0.0 0.0.255.255 access-list 111 permit tcp any any gt 1 established access-list 111 permit tcp any any eq telnet log access-list 111 deny tcp any any eq www access-list 111 permit tcp any any eq 40019 access-list 111 deny tcp any 198.168.0.0 0.0.255.255 log-input access-list 111 deny udp any 198.168.0.0 0.0.255.255 log-input access-list 111 deny tcp any any eq 8080 access-list 111 permit tcp host 192.224.32.111 any access-list 111 permit udp host 192.224.32.111 any access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any time-exceeded access-list 111 permit icmp 68.94.0.0 0.0.255.255 any access-list 111 permit icmp any any access-list 111 permit udp host 68.94.157.2 any access-list 111 permit udp host 68.94.156.1 any access-list 111 permit udp host 68.94.157.1 any access-list 111 permit udp host 68.94.156.2 any access-list 111 deny ip any any access-list 111 permit tcp any any log access-list 111 permit udp any any log
Anyone have any ideas ?