cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1205
Views
0
Helpful
4
Replies

Teardown missing for built inbound connection on Cisco PIX 6.3

kunal-united
Level 1
Level 1

Hi,

In my syslog server configured for Cisco PIX 6.3,

I see lot of Built and teardown connections.

Logic says if something is built then there should be a teardown.

But I do not see teardowns for some connections even though I know that path is already broken long time ago.

See below.

May  3 09:44:16 ::ffff:204.50.68.253 May 03 2012 12:50:32 cfwprd1a : %PIX-6-302013: Built inbound TCP connection 954594374 for dcn:10.199.58.15/33646 (10.199.58.15/33646) to dmz:172.16.169.238/443 (204.50.68.235/443)

Why is there no teardown for the above in my syslog server?

And this is not just one - there are many meesages that do not have teardowns.

Thanks

4 Replies 4

varrao
Level 10
Level 10

Hi Kunal,

Check the following, I guess you migth have this message diasable, check:

show run logging

if it is:

no logging message 302014

then apply:

logging message 302014

I guess you might have this log suppressed on the ASA.

Thanks,

Varun

Security Team,
Cisco TAC

Thanks,
Varun Rao

Hi,

Please check this.

logging on

logging timestamp

logging standby

logging monitor debugging

logging buffered warnings

logging trap informational

logging history critical

logging device-id hostname

logging host dcn 204.50.69.3

logging host dcn 204.50.69.228

logging host apps 10.10.192.82

no logging message 106023

Thanks

Hi Kunal,

Can you filter your syslog server for the connection ID 954594374?? Moreover, are you able to see the Teardown in the ASDM log viewers, and the ASA log buffer? Can you also share the output of "show logging-queue"??

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

# sh logging queue

        Logging Queue length limit : 512 msg(s), 6251808 msg(s) discarded.

        Current 16 msg on queue, 512 msgs most on queue

I have all logs on the syslog server.

And I cannot see teardowns for few connections that were built.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: