Cisco Support Community

excessive dropped packets

Hello

I activated syslog in my PIX.

I am receiving many syslog messages in this format:

deny tcp source outside:PBIP/80 dest inside:MyPBIP/rndport

where PBIP is a public IP and MyPBIP is the public IP of my external interface in PIX.

They seem to be data packets coming from web servers. They should pass and reach the internal clients.

Some PBIPs belong to Yahoo or Google, so they do not seem to be an attack, if we are sure they are not spoofed.

But why does the PIX drop these packets? Do they arrive late, so that it considers them out of connection?

Any comments? Thanks


Re: excessive dropped packets

Your guess that these packets are "too late" is in fact correct. This kind of traffic is only allowed in as long as a dynamic NAT translation exists. When the connection is idle for some time, the translation entry is removed by the PIX and further traffic is denied.

Likely these are updates from pages with dynamic content or so, where the web server has not received a disconnect message from the client.

Regards,

Leo

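The behaviour described in the reply, as an added example that is not part of the original thread and is not PIX code: a toy translation table with an idle timeout, showing a server packet permitted while the entry exists and denied once it has expired. The 300-second timeout, the class and function names, and the addresses (documentation ranges) are assumptions; the deny line copies the format quoted in the question.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 300  # seconds; constructed value for this model, not a PIX default

@dataclass
class TranslationTable:
    """Toy model of a dynamic translation table with an idle timeout."""
    outside_ip: str
    idle_timeout: int = IDLE_TIMEOUT
    # (outside port, remote ip, remote port) -> (inside host, last-seen time)
    entries: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def expire(self, now):
        """Remove entries that have been idle longer than the timeout."""
        stale = [k for k, (_, seen) in self.entries.items()
                 if now - seen > self.idle_timeout]
        for k in stale:
            del self.entries[k]

    def outbound(self, now, inside_host, port, remote_ip, remote_port):
        """An inside client sends a packet: create or refresh its entry."""
        self.expire(now)
        self.entries[(port, remote_ip, remote_port)] = (inside_host, now)

    def inbound(self, now, remote_ip, remote_port, dst_port):
        """A packet arrives on the outside interface: permit only if an
        entry still exists, otherwise log a deny in the question's format."""
        self.expire(now)
        key = (dst_port, remote_ip, remote_port)
        if key in self.entries:
            host, _ = self.entries[key]
            self.entries[key] = (host, now)   # traffic keeps the entry alive
            return "permit"
        self.log.append(f"deny tcp source outside:{remote_ip}/{remote_port} "
                        f"dest inside:{self.outside_ip}/{dst_port}")
        return "deny"

def demo():
    """Constructed scenario: one client connection, three inbound packets."""
    fw = TranslationTable(outside_ip="203.0.113.1")
    fw.outbound(0, "10.0.0.5", 40001, "198.51.100.7", 80)
    results = [
        fw.inbound(10, "198.51.100.7", 80, 40001),   # reply while entry is live
        fw.inbound(400, "198.51.100.7", 80, 40001),  # server data after idle timeout
        fw.inbound(401, "198.51.100.9", 80, 40002),  # never had an entry
    ]
    return results, fw.log
```

In this model, the late packet from a server the client really contacted and the packet with no prior connection produce deny lines of the same shape, so the log line alone does not tell the two apart.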