11-06-2002 11:27 PM - last edited on 02-21-2020 11:13 PM by cc_security_adm
My PIX 520 restarts automatically several times a day. What is the possible reason?
Previously we used `aaa authentication include any any`; it authenticated TCP only and worked well.
Now we use `aaa authentication match` with an access-list to authenticate UDP as well, but the PIX 520 restarts automatically several times a day.
The PIX version is 5.2(3); the logging and configuration follow:
configuration:
:
PIX Version 5.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password I1KsNEYu.kF2dfHF encrypted
passwd I1KsNEYu.kF2dfHF encrypted
hostname pix520
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq www
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq ftp
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq telnet
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq smtp
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq domain
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq pop3
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq nntp
access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq domain
access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq tftp
access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.106.130
access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.99.129
access-list 10 permit tcp 172.16.16.0 255.255.240.0 host 202.109.107.2
access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq 8000
access-list 10 permit tcp 172.16.16.0 255.255.240.0 any eq 443
access-list 10 permit udp 172.16.16.0 255.255.240.0 any eq 443
access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.7
access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.10
access-list 10 permit ip 172.16.16.0 255.255.240.0 host 61.129.74.14
access-list 10 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 60 permit ip any any
access-list 200 permit tcp any any
access-list 200 permit udp any any
access-list 300 deny udp any any eq domain
access-list 300 deny ip host 172.16.31.212 any
access-list 300 deny ip host 172.16.31.136 any
access-list 300 deny ip host 172.16.31.205 any
access-list 300 deny ip host 172.16.31.126 any
access-list 300 deny ip host 172.16.31.102 any
access-list 300 deny ip host 172.16.31.105 any
access-list 300 deny ip host 172.16.31.100 any
access-list 300 deny ip host 172.16.31.182 any
access-list 300 deny ip host 172.16.18.196 any
access-list 300 deny ip host 172.16.31.66 any
access-list 300 deny ip host 172.16.31.166 any
access-list 300 permit ip any any
pager lines 24
logging on
logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 100full
interface ethernet1 100full
mtu outside 1500
mtu inside 1500
ip address outside 172.31.255.2 255.255.255.0
ip address inside 172.16.16.100 255.255.240.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
global (outside) 1 172.31.255.10-172.31.255.119
global (outside) 2 172.31.255.121-172.31.255.239
global (outside) 1 172.31.255.120
global (outside) 2 172.31.255.240
nat (inside) 2 172.16.18.0 255.255.255.0 0 0
nat (inside) 1 172.16.31.0 255.255.255.0 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 172.31.255.1 1
timeout xlate 4:00:00
timeout conn 0:20:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 4:00:00 absolute uauth 0:30:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server tac+ protocol tacacs+
aaa-server tac+ (inside) host 172.16.16.91 france697 timeout 10
aaa authentication match 300 inside tac+
aaa accounting match 200 inside tac+
filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
virtual http 172.31.255.241
virtual telnet 172.31.255.241
no floodguard enable
no sysopt route dnat
auth-prompt prompt please input your name and password.
auth-prompt accept welcome!
auth-prompt reject invalid user name or password. try again.
isakmp identity hostname
telnet 172.16.31.198 255.255.255.255 inside
telnet 172.16.31.126 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:bd8bb00344452a5577bcb469d9cbfe13
logging:
pix520# show logging
Syslog logging: enabled
Timestamp logging: enabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 28089 messages logged
Trap logging: disabled
History logging: disabled
1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.96/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.235/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.97/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.236/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.98/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.237/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.99/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.238/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.100/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.239/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.101/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.240/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302006: Teardown UDP connection for faddr 172.88.205.102/137 gaddr 172.31.255.121/1027 laddr 172.16.18.206/1027 (ss)
302006: Teardown UDP connection for faddr 68.135.107.241/137 gaddr 172.31.255.121/1025 laddr 172.16.18.206/1025 (ss)
302002: Teardown TCP connection 2224 faddr 192.168.5.236/80 gaddr 172.31.255.130/2036 laddr 172.16.18.215/2036 duration 0:02:27 bytes 0 (lf)
37 to 64.13.160.241/137 on interface inside
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109001: Auth start for user '???' from 172.16.18.139/1393 to 202.109.106.132/8891
109009: Authorization denied from 172.16.18.139/1393 to 202.109.106.132/8891 (not authenticated) on interface inside
109013: User must authenticate before using this service
109013: User must authenticate before using this service
302001: Built outbound TCP connection 4344 for faddr 216.207.80.6/80 gaddr 172.31.255.145/1190 laddr 172.16.18.52/1190 (wj)
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137
109011: Authen Session Start: user 'ss', sid 49
109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137 on interface inside
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109001: Auth start for user 'ss' from 172.16.18.206/1025 to 68.72.70.151/137
109011: Authen Session Start: user 'ss', sid 49
109007: Authorization permitted for user 'ss' from 172.16.18.206/1025 to 68.72.70.151/137 on interface inside
109013: User must authenticate before using this service
109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.243/137
109011: Authen Session Start: user 'ss', sid 49
109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.243/137 on interface inside
109013: User must authenticate before using this service
109013: User must authenticate before using this service
109001: Auth start for user 'ss' from 172.16.18.206/1025 to 68.72.70.152/137
109011: Authen Session Start: user 'ss', sid 49
109007: Authorization permitted for user 'ss' from 172.16.18.206/1025 to 68.72.70.152/137 on interface inside
109013: User must authenticate before using this service
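The `aaa authentication match 300 inside tac+` line in the configuration above makes access-list 300 decide which flows go through cut-through proxy authentication: the first matching entry wins, `permit` means the flow must authenticate, and `deny` (or no match) exempts it. Because the list ends in `permit ip any any`, every UDP flow that is not DNS and not from one of the listed hosts is swept in, which is why the buffer shows 172.16.18.206 repeatedly starting authentication for UDP/137 (NetBIOS name service) and a stream of 109013 messages. The following Python is an added example, not part of the original post: it reproduces that first-match evaluation over the posted ACL 300 (the deny-host list is shortened here, and the port-name table is an assumption) and tallies 109001/109013 messages in a few log lines copied from the buffer above, so you can see which inside hosts and destination ports drive the authentication churn. It does not claim this traffic is what causes the reboot.

```python
"""Evaluate a PIX 5.x 'aaa authentication match' ACL and summarise auth churn in a syslog buffer."""
import ipaddress
import re
from collections import Counter

# Port names accepted in PIX ACL syntax (subset sufficient for the ACLs in the post; assumption).
PORT_NAMES = {"domain": 53, "www": 80, "ftp": 21, "telnet": 23, "smtp": 25,
              "pop3": 110, "nntp": 119, "tftp": 69, "netbios-ns": 137}

# ACL 300 as posted; the list of 'deny ip host ... any' lines is shortened, the logic is unchanged.
ACL_300 = """
access-list 300 deny udp any any eq domain
access-list 300 deny ip host 172.16.31.212 any
access-list 300 deny ip host 172.16.31.136 any
access-list 300 deny ip host 172.16.18.196 any
access-list 300 permit ip any any
"""

# A handful of lines copied from the 'show logging' output in the post (constructed sample).
SAMPLE_LOG = [
    "109013: User must authenticate before using this service",
    "109001: Auth start for user '???' from 172.16.18.139/1393 to 202.109.106.132/8891",
    "109009: Authorization denied from 172.16.18.139/1393 to 202.109.106.132/8891 (not authenticated) on interface inside",
    "109013: User must authenticate before using this service",
    "109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137",
    "109007: Authorization permitted for user 'ss' from 172.16.18.206/1027 to 64.13.160.242/137 on interface inside",
    "109013: User must authenticate before using this service",
    "109001: Auth start for user 'ss' from 172.16.18.206/1025 to 68.72.70.151/137",
    "109001: Auth start for user 'ss' from 172.16.18.206/1027 to 64.13.160.243/137",
]


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'. Returns an ip_network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)  # PIX writes a dotted netmask, which ipaddress accepts as-is
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)


def parse_acl(text):
    """Parse 'access-list NAME action proto src dst [eq port]' lines into ordered entries."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        _, _name, action, proto = tokens[:4]
        rest = tokens[4:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        entries.append((action, proto, src, dst, port))
    return entries


def requires_auth(entries, proto, src, dst, dport):
    """First-match semantics: 'permit' => flow must authenticate; 'deny' or no match => exempt."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, aproto, anet, dnet, aport in entries:
        if aproto not in ("ip", proto):      # 'ip' entries match every protocol
            continue
        if s not in anet or d not in dnet:
            continue
        if aport is not None and aport != dport:
            continue
        return action == "permit"
    return False


AUTH_START = re.compile(
    r"109001: Auth start for user '(?P<user>[^']*)' from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)")


def summarise(log_lines):
    """Count 109013 'must authenticate' messages and 109001 auth starts per (source, dest port)."""
    starts = Counter()
    nags = 0
    for line in log_lines:
        if "109013:" in line:
            nags += 1
        m = AUTH_START.search(line)
        if m:
            starts[(m["src"], int(m["dport"]))] += 1
    return nags, starts


if __name__ == "__main__":
    acl = parse_acl(ACL_300)
    for flow in [("udp", "172.16.18.206", "64.13.160.242", 137),
                 ("udp", "172.16.18.206", "172.16.16.91", 53),
                 ("tcp", "172.16.31.212", "202.109.106.130", 80)]:
        print(flow, "-> authenticate" if requires_auth(acl, *flow) else "-> exempt")
    nags, starts = summarise(SAMPLE_LOG)
    print(f"{nags} x 109013; auth starts by (src, dport):", starts.most_common())
```

Feed a full `show logging` capture to `summarise` (one line per list element) to rank the hosts behind the 109013 flood; the evaluator answers, for any flow, whether the match ACL will pull it through the TACACS+ exchange before the packet is forwarded.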
11-09-2002 04:44 PM
Try updating to a newer version of ios. We had similar spontaneous reboots of our 520 running 5.x ios, although only once or twice a week. After we upgraded to a 6.x version the problem disappeared.