Question : Help with asa log

Hi Experts, can you help me decipher this log? We have some crazy traffic going on in the network right now, so I wanted another set of eyes to look at this and see if they see anything weird. Of course I've XX'd out the private stuff and renamed the VPN information.

asa01# show log
Syslog logging: enabled
    Facility: 23
    Timestamp logging: enabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: level warnings, 5703 messages logged
    Buffer logging: level warnings, 5703 messages logged
    Trap logging: disabled
    History logging: level warnings, 5703 messages logged
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level warnings, 5703 messages logged



SA-4-106023: Deny icmp src outside:68.85.135.9 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:46: %ASA-4-106023: Deny icmp src outside:68.86.148.110 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:47: %ASA-4-106023: Deny icmp src outside:68.86.148.110 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:48: %ASA-4-106023: Deny icmp src outside:68.86.148.110 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:49: %ASA-4-106023: Deny icmp src outside:68.86.148.33 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:50: %ASA-4-106023: Deny icmp src outside:68.86.148.33 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:51: %ASA-4-106023: Deny icmp src outside:68.86.148.33 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:55: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.28.229.93, PHASE 1 COMPLETED
May 12 2010 22:31:34: %ASA-2-106001: Inbound TCP connection denied from 207.138.126.207/80 to X.X.X.228/6269 flags FIN ACK  on interface outside
May 12 2010 22:33:25: %ASA-3-713119: Group = vpngroup, Username = user, IP = 98.28.26.189, PHASE 1 COMPLETED
May 12 2010 22:33:38: %ASA-3-713119: Group = vpngroup, Username = domain\user, IP = 67.215.223.224, PHASE 1 COMPLETED
May 12 2010 22:34:54: %ASA-4-713903: Group = 75.149.103.37, IP = 75.149.103.37, Freeing previously allocated memory for authorization-dn-attributes
May 12 2010 22:34:54: %ASA-3-713119: Group = 75.149.103.37, IP = 75.149.103.37, PHASE 1 COMPLETED
May 12 2010 22:35:23: %ASA-4-113019: Group = vpngroup, Username = user, IP = 98.17.100.85, Session disconnected. Session Type: IPSecOverNatT, Duration: 13h:33m:15s, Bytes xmt: 12396467, Bytes rcv: 11988981, Reason: User Requested
May 12 2010 22:37:21: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.196.33.48, PHASE 1 COMPLETED
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.228/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.227/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.225/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.229/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-4-106023: Deny udp src outside:68.87.68.162/53 dst inside:X.X.X.228/46371 by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:39:04: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.122.115.44, PHASE 1 COMPLETED
May 12 2010 22:40:51: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.28.229.93, PHASE 1 COMPLETED
May 12 2010 22:43:18: %ASA-2-106001: Inbound TCP connection denied from 67.195.168.230/25 to X.X.X.228/6333 flags RST  on interface outside
May 12 2010 22:44:20: %ASA-2-106001: Inbound TCP connection denied from 96.17.75.179/80 to X.X.X.228/6339 flags FIN ACK  on interface outside
May 12 2010 22:45:25: %ASA-3-713119: Group = vpngroup, Username = user, IP = 98.28.26.189, PHASE 1 COMPLETED
May 12 2010 22:45:38: %ASA-3-713119: Group = vpngroup, Username = domain\user, IP = 67.215.223.224, PHASE 1 COMPLETED
May 12 2010 22:45:46: %ASA-3-106014: Deny inbound icmp src outside:70.87.253.58 dst outside:X.X.X.225 (type 11, code 0)
May 12 2010 22:47:39: %ASA-4-713903: Group = 75.149.103.37, IP = 75.149.103.37, Freeing previously allocated memory for authorization-dn-attributes
May 12 2010 22:47:39: %ASA-3-713119: Group = 75.149.103.37, IP = 75.149.103.37, PHASE 1 COMPLETED
May 12 2010 22:49:21: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.196.33.48, PHASE 1 COMPLETED

Answer : Help with asa log

No - some denied traffic and remote users connecting in.

But crazy traffic from your perspective and the firewall's perspective are different things. If the traffic is permitted through the firewall, it doesn't matter how crazy it seems, it won't be reflected in the logs.
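A triage pass over a log like the one in the question, as an added example that is not part of the original post or answer: it counts entries per ASA message ID, groups denied inbound SYNs by source and destination port to show one source trying the same port on several hosts, and counts completed VPN phase 1 negotiations per peer. The function name `triage` and the threshold `sweep_min` are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the log in the question (addresses already masked there).
SAMPLE = r"""
May 12 2010 22:28:46: %ASA-4-106023: Deny icmp src outside:68.86.148.110 dst inside:X.X.X.228 (type 11, code 0) by access-group "accesslistout" [0x0, 0x0]
May 12 2010 22:28:55: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.28.229.93, PHASE 1 COMPLETED
May 12 2010 22:31:34: %ASA-2-106001: Inbound TCP connection denied from 207.138.126.207/80 to X.X.X.228/6269 flags FIN ACK  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.228/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.227/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.225/2967 flags SYN  on interface outside
May 12 2010 22:37:27: %ASA-2-106001: Inbound TCP connection denied from 218.8.245.123/6000 to X.X.X.229/2967 flags SYN  on interface outside
May 12 2010 22:40:51: %ASA-3-713119: Group = vpngroup, Username = user, IP = 71.28.229.93, PHASE 1 COMPLETED
May 12 2010 22:43:18: %ASA-2-106001: Inbound TCP connection denied from 67.195.168.230/25 to X.X.X.228/6333 flags RST  on interface outside
"""

HEADER = re.compile(r"^\w{3} +\d+ \d{4} [\d:]{8}: %ASA-(\d)-(\d{6}): (.*)$")
TCP_DENY = re.compile(r"Inbound TCP connection denied from ([\d.]+)/\d+ to "
                      r"([\w.]+)/(\d+) flags ([A-Z ]+?)\s+on interface")
PHASE1 = re.compile(r"IP = ([\d.]+), PHASE 1 COMPLETED")

def triage(text, sweep_min=3):
    """Summarise ASA buffer-log text: message counts, SYN sweeps, VPN peers."""
    by_id, phase1, stray = Counter(), Counter(), Counter()
    syn_targets = defaultdict(set)          # (src, dst_port) -> distinct dst hosts
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue                        # banner lines and truncated entries
        _sev, msg_id, body = m.groups()
        by_id[msg_id] += 1
        if (d := TCP_DENY.search(body)):
            src, dst, dport, flags = d.groups()
            if flags == "SYN":              # new connection attempt from outside
                syn_targets[(src, dport)].add(dst)
            else:                           # FIN/RST: not a new connection attempt
                stray[src] += 1
        elif (p := PHASE1.search(body)):
            phase1[p.group(1)] += 1         # completed IKE phase 1 per peer IP
    sweeps = {k: sorted(v) for k, v in syn_targets.items() if len(v) >= sweep_min}
    return {"by_id": dict(by_id), "sweeps": sweeps,
            "stray": dict(stray), "phase1": dict(phase1)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

As the answer notes, this only sees what the ASA logged at the configured level (warnings here), so permitted traffic never appears in the summary.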