ASA Message log 106012

Jun 8th, 2009

Hi, I would like to have an expert opinion about an ASA msg log.

I deployed a pair of ASAs with 3 legs (outside, inside and DMZ).

Currently there is an IP video conferencing device in the DMZ.

Once we tested the video conferencing, the quality of the video was very bad. A lot of dropped packets (seen from the device).

I did check in the ASA and found that there were a lot of packets being dropped because of MSG log 106012.

I went through the Cisco documentation and found this:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279793

Can anyone explain this symptom? And is there a workaround for this?



Thanks



Richard

owillins Fri, 06/12/2009 - 09:56

This error message is related to IP packets that have the TOS bit set to on; in other words, they are using some QoS values. What kind of traffic is this? Voice maybe? Now it looks like the error message is not complete: "IP options hex" should contain a hex value after that.

BrinksArgentina Fri, 06/12/2009 - 10:57

I'm not sure, but if Oscar is right, try this on the interface of the switch where the device is connected (assuming you are using a Cisco 2960):


(config-if)#mls qos cos override


This will reset the TOS of the packets originated on this device.




Guido.

Please rate all the helpful comments.


RichardKristian_2 Mon, 06/29/2009 - 02:50

Hi,


Thank you for your responses.

I've tried to set the "mls qos cos override" on the switch interface that is connected to the firewall, but the issue was still there.

I captured some logs from the ASA.


6|Jun 29 2009|17:56:05|106012|VC01||202.155.32.29||Deny IP from VC01 to 202.155.32.29, IP options: "Router Alert"



Any idea what it means by "Router Alert"?


Thanks

BrinksArgentina Mon, 06/29/2009 - 05:07

IP options are part of the IP header, but are not used, and because they are a security risk, most firewalls and routers block them.


http://en.wikipedia.org/wiki/IPv4


You have two workarounds:

1) Upgrade the firmware of the VoIP device if this problem was corrected.

2) Put this device before the firewall, with a public IP. (I did that for a client a few months ago.)




Guido.

Please rate all the helpful comments.
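
What the firewall is inspecting when it logs 106012 with `IP options: "Router Alert"`, shown as an added example that is not part of any post in this thread: a walk over the options area of a raw IPv4 header. The sample header, its addresses and the function name `parse_ipv4_options` are constructed for illustration; the option type values come from RFC 791 and RFC 2113.

```python
import struct

# Option type byte -> name. Type = copied flag (1 bit) | class (2) | number (5).
OPTION_NAMES = {
    0x07: "Record Route",
    0x44: "Timestamp",
    0x83: "Loose Source Route",
    0x89: "Strict Source Route",
    0x94: "Router Alert",
}

def parse_ipv4_options(header: bytes):
    """Return [(name, type, data)] for the options in a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5 or len(header) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    # IHL counts 32-bit words; anything past the first 20 bytes is options.
    opts, found, i = header[20:ihl * 4], [], 0
    while i < len(opts):
        otype = opts[i]
        if otype == 0x00:      # End of Options List: the rest is padding
            break
        if otype == 0x01:      # No Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        olen = opts[i + 1]     # length covers the type and length bytes too
        if olen < 2 or i + olen > len(opts):
            raise ValueError("bad option length")
        name = OPTION_NAMES.get(otype, f"Unknown (0x{otype:02x})")
        found.append((name, otype, opts[i + 2:i + olen]))
        i += olen
    return found

# Constructed sample: 24-byte header (IHL=6), protocol 17, documentation
# addresses, checksum left at zero, Router Alert option bytes 94 04 00 00.
SAMPLE = struct.pack("!BBHHHBBH4s4s4s", 0x46, 0, 32, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]),
                     bytes([0x94, 0x04, 0x00, 0x00]))

if __name__ == "__main__":
    for name, otype, data in parse_ipv4_options(SAMPLE):
        print(f"{name} (type 0x{otype:02x}), value {data.hex()}")
```

Running the same function over headers taken from a capture on the DMZ interface shows which hosts send packets with options before they reach the ASA.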


RichardKristian_2 Thu, 07/09/2009 - 02:27

Hi,


Seems like there is no workaround solution for this using ASA.


Thanks for all the useful information and guidance.


