If we cannot be more specific (access-lists) for deb icmp trace then

make an access-list group object with the remote customer IPs (icmp echo-echo reply)
include icmp reply, packet too big, unreachable etc. for 0.0.0.0
include the rest of your existing access-list
paste that on outside int

THEN TRACE ICMP! (your eyes will not be garbled anymore)

Martijn

-----Original Message-----
From: Patrick Donlon [mailto:[EMAIL PROTECTED]
Sent: Thursday, 31 July 2003 17:26
To: [EMAIL PROTECTED]
Subject: Re: Logging ICMP on a PIX [7:73232]

I don't really want to see all ICMP traffic as it makes me cross-eyed, I can
filter it on the syslog server though (if the disk isn't full). It's just
that when troubleshooting connections, e.g. a vpn to an external company,
icmp is normally allowed through so it would be nice to see it when setting
up a connection.

"George Murage" <> wrote in message news:[EMAIL PROTECTED]
> Just out of curiosity, why do you want to log *all* ICMP traffic through
> your PIX? At logging level 4, you should see logs for selected ICMP traffic
> that is characteristic of a reconnaissance attack.
>
> Anyway, I hope you have a large disk(s) on your Syslog server :-)
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 31, 2003 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Logging ICMP on a PIX [7:73232]
>
> Tried
>
> debug icmp trace
>
> And logged that information to console/syslog debugging level?
>
> Martijn
>
> 6.2
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1028090
> level
> Specify the syslog message level as a number or string. The level you
> specify means that you want that level and those less than the level. For
> example, if level is 3, syslog displays 0, 1, 2, and 3 messages. Possible
> number and string level values are:
>
> 0-emergencies-System unusable messages
> 1-alerts-Take immediate action
> 2-critical-Critical condition
> 3-errors-Error message
> 4-warnings-Warning message
> 5-notifications-Normal but significant condition
> 6-informational-Information message
> 7-debugging-Debug messages and log FTP commands and WWW URLs
>
>
>
> -----Original Message-----
> From: Patrick Donlon [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 30 July 2003 10:23
> To: [EMAIL PROTECTED]
> Subject: Logging ICMP on a PIX [7:73232]
>
>
> Does anyone know how to log ICMP traffic that is allowed through a PIX?? I can
> see denied ICMP no problem.
>
> I can log all my other traffic with logging trap debug set, but it can't see
> ICMP traffic passing through the firewall. Is this normal behaviour for
> 6.2(2)?
>
> Cheers
>
> Pat

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73337&t=73232
--------------------------------------------------
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

