Shun not working - PIX Firewall

I have inserted a shun entry into our PIX 525 7.2(2) firewall, as per the below:

shun 172.16.10.67

But for some reason, when I go to view the shun statistics and also the syslogs, there are still entries being displayed for this host. Can someone please explain why traffic from this host is still getting processed when it should be discarded? Here is an entry from the syslog that is still getting generated:

Shun 172.16.10.67 cnt=0, time=(0:00:48)

firewall# sh shun stat
outside=OFF, cnt=0
inside=ON, cnt=0
dmz1=OFF, cnt=0
Shun 172.16.10.67 cnt=0, time=(0:05:36)

Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15849 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
12-10-2008 09:17:45 Local4.Warning 172.16.20.6 Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15851 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
12-10-2008 09:17:46 Local4.Warning 172.16.20.6 Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15850 dst outside:192.168.100.74/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
12-10-2008 09:17:46 Local4.Warning 172.16.20.6 Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15851 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
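Added example, not from the post above and not Cisco code: a small Python script that parses the `show shun statistics` output and the %PIX-4-106023 syslog lines quoted in the post and reconciles them per shunned host. For each shunned address it reports whether the shun counter ever matched (cnt), how many deny events syslog still shows from that address, on which interface they arrived and whether shun is ON there, and which access-group actually produced the deny. The sample input is constructed from the lines in the post, plus one constructed line for a host that is not shunned (172.16.10.80) to show the filtering; message IDs other than 106023 are skipped rather than decoded.

```python
"""Cross-check a PIX/ASA shun table against syslog to see whether a shunned
host still shows up and what actually dropped its packets.

Added example; not from the original post or from Cisco. The parsers target
the `show shun statistics` layout and the %PIX-4-106023 message format
quoted in the post; other message IDs are ignored.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: the post's lines plus one line for an unshunned
# host (172.16.10.80) so the per-host filtering is visible.
SHUN_STATS = """\
outside=OFF, cnt=0
inside=ON, cnt=0
dmz1=OFF, cnt=0
Shun 172.16.10.67 cnt=0, time=(0:05:36)
"""

SYSLOG = """\
Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15849 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15851 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
Dec 10 2008 09:17:46: %PIX-4-106023: Deny tcp src inside:172.16.10.67/15850 dst outside:192.168.100.74/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
Dec 10 2008 09:17:47: %PIX-4-106023: Deny tcp src inside:172.16.10.80/40001 dst outside:192.168.100.23/389 by access-group "inbound_inside" [0xfe7bab7c, 0x0]
"""

IFACE_RE = re.compile(r"^(?P<iface>\S+)=(?P<state>ON|OFF), cnt=(?P<cnt>\d+)$")
SHUN_RE = re.compile(
    r"^Shun (?P<ip>\S+) cnt=(?P<cnt>\d+), time=\((?P<h>\d+):(?P<m>\d+):(?P<s>\d+)\)$"
)
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>[^:]+):(?P<src_ip>[^/]+)/(?P<sport>\d+) "
    r"dst (?P<dst_if>[^:]+):(?P<dst_ip>[^/]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_shun_stats(text):
    """Return ({iface: (shun_enabled, cnt)}, {ip: (cnt, seconds_active)})."""
    interfaces, shuns = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := IFACE_RE.match(line):
            interfaces[m["iface"]] = (m["state"] == "ON", int(m["cnt"]))
        elif m := SHUN_RE.match(line):
            secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            shuns[m["ip"]] = (int(m["cnt"]), secs)
    return interfaces, shuns


def parse_denies(text):
    """Decode %PIX-4-106023 lines into dicts; any other message is skipped."""
    out = []
    for line in text.splitlines():
        if m := DENY_RE.search(line):
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            out.append(d)
    return out


def reconcile(shun_text, syslog_text):
    """Per shunned host: shun counter, ACL deny count, arrival interface with
    its shun state, the ACLs that denied, and the destination ports seen."""
    interfaces, shuns = parse_shun_stats(shun_text)
    denies = parse_denies(syslog_text)
    report = {}
    for ip, (shun_cnt, secs) in shuns.items():
        mine = [d for d in denies if d["src_ip"] == ip]
        per_if = defaultdict(int)
        for d in mine:
            per_if[d["src_if"]] += 1
        report[ip] = {
            "shun_hits": shun_cnt,
            "shun_age_s": secs,
            "acl_denies": len(mine),
            "by_interface": {
                i: {"events": n, "shun_enabled": interfaces.get(i, (False, 0))[0]}
                for i, n in per_if.items()
            },
            "by_acl": dict(Counter(d["acl"] for d in mine)),
            "dst_ports": sorted({d["dport"] for d in mine}),
        }
    return report


if __name__ == "__main__":
    for ip, r in reconcile(SHUN_STATS, SYSLOG).items():
        print(ip, r)
```

Run it on real `show shun statistics` output and a syslog capture. A shunned host with `shun_hits` of 0 but a non-zero `acl_denies` on an interface where `shun_enabled` is True tells you the drops in the log were made by the named access-group and not by the shun, which is the first thing to confirm before reasoning about why the shun counter is not incrementing.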
