ray_stone Wed, 10/22/2008 - 08:32
User Badges:

Few information are given below : Pl advice



Result of the command: "sh mem"




Free memory: 65660880 bytes (25%)

Used memory: 193644464 bytes (75%)

------------- ----------------

Total memory: 259305344 bytes (100%)



Result of the command: "sh xlate count"




181 in use, 462 most used



Result of the command: "sh conn count"




229 in use, 2026 most used



Result of the command: "sh blocks"




SIZE MAX LOW CNT

0 400 358 400

4 200 199 199

80 400 345 400

256 3412 3349 3412

1550 7331 7260 7315

2048 2624 2055 2110

2560 900 900 900

4096 100 100 100

8192 100 100 100

16384 102 102 102

65536 16 16 16


Show memory process output is attached.

Please suggest if you find anything wrong. Thanks



ray_stone Wed, 10/22/2008 - 09:14
User Badges:

Hi, I am looking so much logs of 106021. Shd i take as an attack and which of the action I need to be taken. Please help!!

acomiskey Wed, 10/22/2008 - 09:52
User Badges:
  • Green, 3000 points or more

Could you post one of the logs?

ray_stone Wed, 10/22/2008 - 10:03
User Badges:

1|Oct 22 2008|14:40:53|106021|192.168.10.43||255.255.255.255||Deny UDP reverse path check from 192.168.10.43 to 255.255.255.255 on interface outside


192.168.10.0/24 is a inside network.

ajagadee Wed, 10/22/2008 - 10:26
User Badges:
  • Cisco Employee,

Richard,


What is the IP Address 192.168.10.43? Is this a server or user? Where are the outside and inside interface connected to? Are they connecting to the same switch?


Couple of things that I would do:


1. Look at the physical topology and see if there is any VLAN Misconfiguration


2. If the IP Address .43 is dual NICed, make sure that the ports are in the right vlan.


Regards,

Arul


* Please rate if it helps *

ray_stone Wed, 10/22/2008 - 19:26
User Badges:

Hi, its a modem IP and its directly connected with switch which is connected directly FW and V-lan is created on FW instead of Switch.


Last Sunday, we have upgraded the IOS version 8.03 to 8.04 and after that from remote sites users are facing disconnected issue like FTP, RDC. Remote users connect and the connection disconnects automatically but it was working fine until IOS upgrade.


Please suggest.

ray_stone Wed, 10/22/2008 - 21:48
User Badges:

Please suggest as we are facing such issue frequently. Thnaks

ray_stone Thu, 10/23/2008 - 06:07
User Badges:

Hi, I have just opened a TAC request for this and have got response to execute the following commands:


- no ip verify reverse-path interface inside


- no ip verify reverse-path interface outside


- no ip verify reverse-path interface dmz


- no ip verify reverse-path interface outside2


May I know what would be the effect if I execute these commands in Production Firewall as per security concerned as I am sure we haven't make any changes since last well except IOS version 8.04 which I have already rolled back into previous version 8.03. Please help, its urgent!!!!!

ray_stone Thu, 10/23/2008 - 07:08
User Badges:

Hi, the issue has been solved after just turned of the IP Spoofing command.


Actions

This Discussion