Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
697
Views
0
Helpful
1
Replies

Deny logs in syslog server

Sanjay shivaji Nalawade
Level 1
Level 1

‎02-23-2010 06:33 AM - edited ‎03-11-2019 10:13 AM

Hi ,

we have Cisco PIX 535 firewall.

We are getting deny logs in syslog server.


<156>Feb 23 2010 19:23:45: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:45: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:48: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:49: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"


In log file x.x.x.x is my Wan IP & y.y.y.y is call manager ip.


Please suggest regarding same.


Regards

Sanjay N.

Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎02-23-2010 11:17 AM

What is the question?

Seems like these are time exceeded messages type 11 code 0.

http://www.iana.org/assignments/icmp-parameters

Here is the syslog link:

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1052375

Are you trying to traceroute to the IP address?

You can add fixup or inspect for icmp error.

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card