Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Deny logs in syslog server

Hi ,

we have Cisco PIX 535 firewall.

We are getting deny logs in syslog server.


<156>Feb 23 2010 19:23:45: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:45: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:48: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"
<156>Feb 23 2010 19:23:49: %PIX-4-106023: Deny icmp src wanif:x.x.x.x dst secmif:y.y.y.y (type 11, code 0) by access-group "wanin"


In log file x.x.x.x is my Wan IP & y.y.y.y is call manager ip.


Please suggest regarding same.


Regards

Sanjay N.

1 REPLY
Cisco Employee

Re: Deny logs in syslog server

What is the question?

Seems like these are time exceeded messages type 11 code 0.

http://www.iana.org/assignments/icmp-parameters

Here is the syslog link:

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1052375

Are you trying to traceroute to the IP address?

You can add fixup or inspect for icmp error.

-KS

161
Views
0
Helpful
1
Replies
CreatePlease to create content