ASA Message log 106012

Hi, I would like to have an expert opinion about an ASA msg log.

I deployed a pair of ASAs with 3 legs (outside, inside and DMZ).

Currently there is an IP video conferencing device in the DMZ.

Once we tested the video conferencing, the quality of the video was very bad. A lot of dropped packets (seen from the device).

I did check in the ASA and found that there were a lot of packets being dropped because of MSG log 106012.

I went through the Cisco documentation and found this:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279793

Can anyone explain this symptom? And is there a workaround solution for this?

Thanks

Richard

5 Replies

owillins
Level 6

This error message is related to IP packets that have the TOS bit set to on; in other words, they are using some QoS values. What kind of traffic is this? Voice maybe? Now it looks like the error message is not complete: "IP options hex" should contain a hex value after that.

I'm not sure, but if Oscar is right, try this on the interface of the switch where the device is connected (assuming you are using a Cisco 2960):

(config-if)#mls qos cos override

This will reset the TOS of the packets originated on this device.


Guido.

Please rate all the helpful comments.

Hi,

Thank you for your responses.

I've tried to set the "mls qos cos override" on the switch interface that is connected to the firewall, but the issue was still there.

I captured some logs from the ASA.

6|Jun 29 2009|17:56:05|106012|VC01||202.155.32.29||Deny IP from VC01 to 202.155.32.29, IP options: "Router Alert"

Any idea what it means by "Router Alert"?

Thanks

IP Options are part of the IP header but are not used, and because they are a security risk, most firewalls and routers block them.

http://en.wikipedia.org/wiki/IPv4

You have two workarounds:

1) Upgrade the firmware of the VoIP device if this problem was corrected.

2) Put this device before the firewall, with a public IP. (I did that for a client a few months ago.)


Guido.

Please rate all the helpful comments.
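
What the ASA is reporting in the 106012 line above, as an added example that is not part of the original thread: a small Python parser that walks the options area of an IPv4 header and names the Router Alert option (type 0x94, defined in RFC 2113). The sample header, its addresses and the helper names are constructed for illustration.

```python
import struct

# Option names for common IPv4 option type bytes (RFC 791, RFC 2113).
OPTION_NAMES = {0x00: "End of Options", 0x01: "No Operation",
                0x07: "Record Route", 0x44: "Timestamp",
                0x83: "Loose Source Route", 0x89: "Strict Source Route",
                0x94: "Router Alert"}

def parse_ipv4_options(packet: bytes):
    """Return a list of (type, name, data) for the options in an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    opts = packet[20:ihl * 4]          # IHL > 5 means options are present
    found, i = [], 0
    while i < len(opts):
        otype = opts[i]
        if otype == 0x00:              # End of Options List: stop parsing
            break
        if otype == 0x01:              # No Operation: single-byte padding
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        olen = opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            raise ValueError("bad option length")
        name = OPTION_NAMES.get(otype, "Unknown (0x%02x)" % otype)
        found.append((otype, name, opts[i + 2:i + olen]))
        i += olen
    return found

def build_sample_header(options: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at 0) carrying the given options."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    # Constructed sample values: TTL 1, protocol 2, documentation source address.
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                       1, 2, 0, bytes([192, 0, 2, 10]), bytes([224, 0, 0, 22])) + options

ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])    # type 148, length 4, value 0

if __name__ == "__main__":
    for otype, name, data in parse_ipv4_options(build_sample_header(ROUTER_ALERT)):
        print("0x%02x %s data=%s" % (otype, name, data.hex()))
```

Running the same parser over the IP header of a packet captured from the DMZ device shows which option the ASA is matching on.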

Hi,

Seems like there is no workaround solution for this using ASA.

Thanks for all the useful information and guidance.
