Weird PIX Problem

Unanswered Question
Oct 8th, 2007

Hi All,

I have 2 PIX firewalls in failover mode. All of a sudden the primary started dropping all traffic on the inside interface.

When doing a sh log I was seeing literally hundreds of Deny UDP reverse path check errors on the inside interface. The log counter was going up by hundreds in seconds with these messages.

So I turned off the primary firewall and the standby kicked in, and there are no issues at all. As soon as you turn the primary back on, same problem: all traffic on inside is dropped.

I have the

ip verify reverse-path interface inside

command turned on, so it's doing its job if it's spoofing, but why am I not seeing the same problem on the secondary firewall once that has become active?

I'm stumped with this.


Oh yeah, and the source IP address in the log message is a so which the last two octets in the source address are changing all the time.
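For anyone triaging the same symptom, here is a small log-triage script (an added example, not part of the original post or the poster's setup). It parses the PIX reverse-path-check drop messages (syslog ID 106021, the message behind the "Deny UDP reverse path check" text) and reports the drop rate plus how many distinct hosts are hiding behind each source /16, which is exactly the "last two octets keep changing" pattern. The exact log wording is assumed and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed PIX syslog wording for the RPF drop (message ID 106021, with
# "logging timestamp" enabled); the exact text can vary between versions.
RPF_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d{4} \d\d:\d\d:\d\d): %PIX-1-106021: "
    r"Deny (?P<proto>\w+) reverse path check from (?P<src>[\d.]+) "
    r"to (?P<dst>[\d.]+) on interface (?P<iface>\S+)"
)

# Constructed sample log lines in the shape the poster described: a burst of
# UDP RPF drops on "inside" whose source keeps only its first two octets.
SAMPLE_LOG = """\
Oct 08 2007 09:15:01: %PIX-1-106021: Deny UDP reverse path check from 169.254.12.7 to 10.0.0.5 on interface inside
Oct 08 2007 09:15:01: %PIX-1-106021: Deny UDP reverse path check from 169.254.88.201 to 10.0.0.5 on interface inside
Oct 08 2007 09:15:01: %PIX-6-302015: Built outbound UDP connection 4711 for outside:203.0.113.9/53 (203.0.113.9/53) to inside:10.0.0.20/1034 (198.51.100.2/1034)
Oct 08 2007 09:15:02: %PIX-1-106021: Deny UDP reverse path check from 169.254.3.44 to 10.0.0.5 on interface inside
Oct 08 2007 09:15:03: %PIX-1-106021: Deny UDP reverse path check from 169.254.250.9 to 10.0.0.5 on interface inside
"""

def parse_rpf_drops(text):
    """Return one dict per 106021 line; every other message is skipped."""
    events = []
    for line in text.splitlines():
        m = RPF_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%b %d %Y %H:%M:%S")
            events.append(e)
    return events

def summarize(events):
    """Per (interface, source /16): drop count and distinct source hosts.
    Many distinct hosts inside one /16 is the 'last two octets keep changing'
    signature; the overall rate tells you whether it is a flood."""
    counts, hosts = Counter(), defaultdict(set)
    for e in events:
        key = (e["iface"], ".".join(e["src"].split(".")[:2]) + ".0.0/16")
        counts[key] += 1
        hosts[key].add(e["src"])
    if not events:
        return {"total": 0, "per_second": 0.0, "prefixes": {}}
    span = (max(e["ts"] for e in events) - min(e["ts"] for e in events)).total_seconds()
    return {
        "total": len(events),
        "per_second": len(events) / span if span else float(len(events)),
        "prefixes": {k: {"drops": counts[k], "hosts": len(hosts[k])} for k in counts},
    }

if __name__ == "__main__":
    print(summarize(parse_rpf_drops(SAMPLE_LOG)))
```

Point it at a saved `show logging` capture from the primary and the standby in turn: if the same inside hosts are flagged on both, the source is on the LAN; if only the primary shows them, compare the two units' routes for that prefix.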

autobot130 Sun, 10/14/2007 - 09:47

Sounds like it might be dropping packets due to CPU overutilization due to a DoS attack from someone inside spoofing those IP addresses of 169.254.x.x. Have you checked the CPU when that occurs?

If you had that command in there working before, then something other than configuration or hardware is triggering the packets on the inside interface to be dropped. My guess is someone is causing trouble, perhaps.
