Cisco Support Community
New Member

Pix 501 oddity

Two weeks ago I deployed a Pix 501 with OS 6.3(1) to one of our remote sites. It ran great until last Friday when it would suddenly stop working every 16 minutes and 20 seconds.

Yesterday the firewall was exhibiting the same behavior so I upgraded the OS to 6.3(4) and the PDM to 3.0(3).

The problem continued.

I set up a syslog server on one of the workstations and configured logging for everything to level 7.

After this change was made, the firewall was quite happy.

No logging was configured on the firewall prior to yesterday.

Has anyone else seen this happen and if so, what did you do to resolve the issue?

I'm all for logging firewall activity but it seems quite odd to me that a perfectly good firewall would suddenly stop working until logging was configured on it.

Thank you.

3 REPLIES

Re: Pix 501 oddity

Is the syslog enabled only in PIX, or do you have an external syslog server to keep those log messages?

New Member

Re: Pix 501 oddity

The logging on the Pix is configured to use an external syslog server.

Prior to setting up the logging, no logging was enabled on the firewall.

I had another 501 do this same type of thing in another remote office but never set up syslogging and after a week or two it just stopped doing this.

Re: Pix 501 oddity

Strange, but besides unreachable/intermittent communication with syslog, it MAY be due to other things. You need to really test it. For example, do not enable the external syslog server, but log to the internal buffer (#logging buffer debugging).

But before that, test whether your syslog server is receiving and can handle all logs (up to level 7 @ debugging). The reason is, it may not be able to handle too many syslog entries, causing it to hang and subsequently affecting your ASA. Like PIX, if the syslog server is unreachable (for whatever reason), the firewall will hang due to too many queued log messages pending that cannot be sent to the external syslog server.

Like I said, this may be one of many possible reasons. Test it with internal syslog, and see if the box keeps rebooting like every 16 minutes and 20 seconds.

HTH

AK
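One way to run the check suggested in the last reply, as an added example that is not part of the original thread: scan the file the syslog server wrote for silent periods and see whether they recur at the 16 minute 20 second (980 s) interval. The line format (PIX with `logging timestamp` enabled), the 30-second silence threshold and the sample data are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed line shape: "Mar 01 2005 09:00:00: %PIX-6-302013: ..." (timestamps enabled).
# search() is used so a prefix added by the syslog server does not matter.
LINE_RE = re.compile(r"(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %PIX-\d-\d{6}:")

def parse_times(lines):
    """Return the sorted timestamps of every line that looks like a PIX message."""
    times = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            times.append(datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S"))
    return sorted(times)

def find_gaps(times, min_gap=timedelta(seconds=30)):
    """Return (last_seen, next_seen) pairs where nothing arrived for min_gap or longer."""
    return [(a, b) for a, b in zip(times, times[1:]) if b - a >= min_gap]

def recurring_period(gaps, tolerance=5):
    """If the silent periods start at a steady interval, return it in seconds, else None."""
    starts = [a for a, _ in gaps]
    deltas = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    if len(deltas) < 2 or max(deltas) - min(deltas) > tolerance:
        return None
    return round(sum(deltas) / len(deltas))

def constructed_sample():
    """Constructed data: one message every 10 s, with 60 s of silence every 980 s."""
    t0 = datetime(2005, 3, 1, 9, 0, 0)
    lines = []
    for s in range(0, 4000, 10):
        if s % 980 >= 920:  # inside the constructed silence window
            continue
        ts = (t0 + timedelta(seconds=s)).strftime("%b %d %Y %H:%M:%S")
        lines.append(f"{ts}: %PIX-6-302013: Built outbound TCP connection (constructed)")
    return lines

if __name__ == "__main__":
    gaps = find_gaps(parse_times(constructed_sample()))
    for a, b in gaps:
        print(f"no messages from {a} to {b} ({int((b - a).total_seconds())} s)")
    print("silent periods recur every", recurring_period(gaps), "seconds")
```

A steady period in the output means the collector is losing contact with the firewall on a schedule; no gaps at level 7 means the server is keeping up with the message volume.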
