PIX 520 restart automatically

Unanswered Question
Nov 6th, 2002

My PIX 520 restarts automatically several times a day. What's the possible reason?


Previously, we used aaa authentication include any any; it authenticated TCP only, and it worked well.

Now we use aaa authentication match and an access-list to authenticate UDP, but the PIX 520 restarts automatically several times a day.


The PIX's version is 5.2(3), and the following is the logging and configuration:



configuration:


:

PIX Version 5.2(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password I1KsNEYu.kF2dfHF encrypted

passwd I1KsNEYu.kF2dfHF encrypted

hostname pix520

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

names

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq www

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq ftp

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq telnet

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq smtp

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq domain

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq pop3

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq nntp

access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq domain

access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq tftp

access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.106.130

access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.99.129

access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.107.2

access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq 8000

access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq 443

access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq 443

access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.7

access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.10

access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.14

access-list 10 permit icmp any any echo

access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any time-exceeded

access-list 100 permit icmp any any unreachable

access-list 60 permit ip any any

access-list 200 permit tcp any any

access-list 200 permit udp any any

access-list 300 deny udp any any eq domain

access-list 300 deny ip host 172.16.31.212 any

access-list 300 deny ip host 172.16.31.136 any

access-list 300 deny ip host 172.16.31.205 any

access-list 300 deny ip host 172.16.31.126 any

access-list 300 deny ip host 172.16.31.102 any

access-list 300 deny ip host 172.16.31.105 any

access-list 300 deny ip host 172.16.31.100 any

access-list 300 deny ip host 172.16.31.182 any

access-list 300 deny ip host 172.16.18.196 any

access-list 300 deny ip host 172.16.31.66 any

access-list 300 deny ip host 172.16.31.166 any

access-list 300 permit ip any any

pager lines 24

logging on

logging timestamp

no logging standby

no logging console

no logging monitor

logging buffered debugging

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 100full

interface ethernet1 100full

mtu outside 1500

mtu inside 1500

ip address outside 172.31.255.2 255.255.255.0

ip address inside 172.16.16.100 255.255.240.0

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

arp timeout 14400

global (outside) 1 172.31.255.10-172.31.255.119

global (outside) 2 172.31.255.121-172.31.255.239

global (outside) 1 172.31.255.120

global (outside) 2 172.31.255.240

nat (inside) 2 172.16.18.0 255.255.255.0 0 0

nat (inside) 1 172.16.31.0 255.255.255.0 0 0

access-group 100 in interface outside

route outside 0.0.0.0 0.0.0.0 172.31.255.1 1

timeout xlate 4:00:00

timeout conn 0:20:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 4:00:00 absolute uauth 0:30:00 inactivity

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server tac+ protocol tacacs+

aaa-server tac+ (inside) host 172.16.16.91 france697 timeout 10

aaa authentication match 300 inside tac+

aaa accounting match 200 inside tac+

filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

virtual http 172.31.255.241

virtual telnet 172.31.255.241

no floodguard enable

no sysopt route dnat

auth-prompt prompt please input your name and password.

auth-prompt accept welcome!

auth-prompt reject invalid user name or password. try again.

isakmp identity hostname

telnet 172.16.31.198 255.255.255.255 inside

telnet 172.16.31.126 255.255.255.255 inside

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:bd8bb00344452a5577bcb469d9cbfe13



logging:


pix520# show logging

Syslog logging: enabled

Timestamp logging: enabled

Standby logging: disabled

Console logging: disabled

Monitor logging: disabled

Buffer logging: level debugging, 28089 messages logged

Trap logging: disabled

History logging: disabled

1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.96/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.235/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.97/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.236/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.98/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.237/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.99/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.238/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.100/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.239/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.101/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.240/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302006: Teardown UDP connection for faddr 172.88.205.102/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)

302006: Teardown UDP connection for faddr 68.135.107.241/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)

302002: Teardown TCP connection 2224 faddr 192.168.5.236/80 gaddr 172.31.255.130/2036 laddr 172.16.18.215/2036 duration 0:02:27 bytes 0 (lf)

37 to 64.13.160.241/137 on interface inside

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109001: Auth start for user '???' from 172.16.18.139/1393 to 202.109.106.132/8891

109009: Authorization denied from 172.16.18.139/1393 to 202.109.106.132/8891 (not authenticated) on interface inside

109013: User must authenticate before using this service

109013: User must authenticate before using this service

302001: Built outbound TCP connection 4344 for faddr 216.207.80.6/80 gaddr 172.31.255.145/1190 laddr 172.16.18.52/1190 (wj)

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137

109011: Authen Session Start: user 'ss', sid 49

109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137 on interface inside

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109001: Auth start for user 'ss' from 172.16.18.206/1025 to 68.72.70.151/137

109011: Authen Session Start: user 'ss', sid 49

109007: Authorization permitted for user 'ss' from 172.16.18.206/1025 to 68.72.70.151/137 on interface inside

109013: User must authenticate before using this service

109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.243/137

109011: Authen Session Start: user 'ss', sid 49

109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.243/137 on interface inside

109013: User must authenticate before using this service

109013: User must authenticate before using this service

109001: Auth start for user 'ss' from 172.16.18.206/1025 to 68.72.70.152/137

109011: Authen Session Start: user 'ss', sid 49

109007: Authorization permitted for user 'ss' from 172.16.18.206/1025 to 68.72.70.152/137 on interface inside

109013: User must authenticate before using this service




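A triage sketch for the `show logging` output in the question, added here as an example and not part of the original post or of any Cisco tool: it rejoins messages that the terminal split across two lines and tallies the AAA messages (109001, 109007, 109009) per inside host and destination port. The sample lines are constructed in the format shown above, and `unwrap` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the post's `show logging` format, wraps included.
SAMPLE = """\
109013: User must authenticate before using this service
109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137
109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.24
2/137 on interface inside
109001: Auth start for user '???' from 172.16.18.139/1393 to 202.109.106.132/8891
109009: Authorization denied from 172.16.18.139/1393 to 202.109.106.132/8891 (not aut
henticated) on interface inside
109007: Authorization permitted for user 'ss' from 172.16.18.206/1025 to 68.72.70.151
/137 on interface inside
"""

MSG_ID = re.compile(r"^(\d{6}): ")
FLOW = re.compile(r"from ([\d.]+)/\d+ to [\d.]+/(\d+)")
OUTCOME = {"109001": "auth-start", "109007": "permitted", "109009": "denied"}


def unwrap(text):
    """Rejoin wrapped messages: a non-blank line without a six-digit message ID
    continues the previous one (joined with no space: these wraps are mid-token)."""
    messages = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if MSG_ID.match(line) or not messages:
            messages.append(line)
        else:
            messages[-1] += line
    return messages


def summarize(messages):
    """Count messages per ID and AAA events per (inside host, dst port, outcome)."""
    by_id, by_flow = Counter(), Counter()
    for msg in messages:
        m = MSG_ID.match(msg)
        if not m:
            continue  # orphaned fragment from the top of the log buffer
        by_id[m.group(1)] += 1
        flow = FLOW.search(msg)
        if flow and m.group(1) in OUTCOME:
            by_flow[(flow.group(1), int(flow.group(2)), OUTCOME[m.group(1)])] += 1
    return by_id, by_flow


if __name__ == "__main__":
    print(summarize(unwrap(SAMPLE)))
```

A wrap that fell on a space loses that space in the paste, so fields read across such a join (as in the 302006 teardown lines) need a pattern that tolerates the missing separator.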
3gcasper Sat, 11/09/2002 - 16:44

Try updating to a newer version of ios. We had similar spontaneous reboots of our 520 running 5.x ios, although only once or twice a week. After we upgraded to a 6.x version the problem disappeared.
