Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
4
Replies

deny TCP (no connection)

rsullivan1
Level 1
Level 1

‎02-13-2009 07:50 AM - edited ‎03-11-2019 07:50 AM

I see a lot of these messages, maybe hundreds per minutes. I feel this is not normal, but can never find any convincing information either way. Can anyone elaborate?

Labels:
0 Helpful
4 Replies 4

eddie.mitchell
Level 3
Level 3

‎02-13-2009 08:00 AM

Can you tell us what message ID is associated with what you're seeing?

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html

0 Helpful

eddie.mitchell
Level 3
Level 3
In response to rsullivan1

‎02-13-2009 08:16 AM

Is this firewall on your network perimeter? Are all of these messages being generated from the same source IP address? Same destination IP? Same source or destination port?

0 Helpful

rsullivan1
Level 1
Level 1
In response to eddie.mitchell

‎02-13-2009 08:28 AM

This is our perimeter which then interfaces another LAN. Another firewall is used at the internet perimeter. The addresses are not the same, although you see a cluster of denies (between 2 and 6 for each deny). We had an explicit deny any any log entry at the end of the outside rules. I just disabled this and noticed a significant drop in the logged traffic. I'm not sure this is just a band-aid to the real issue though.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card