Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Deny protocol 105

I have two failover PIX 515Es. The following message appears in my syslog log:

%PIX-4-106023: Deny protocol 105 src outside:x.x.x.x dst inside:x.x.x.x by access-group "ACLXX"

I think it is where the PIXs ping each other as part of their failover and it is being denied. I only allow ICMP unreachable messages on that interface. Is this causing the problem?

2 REPLIES
Silver

Re: Deny protocol 105

Are the source and destination addresses the Pixs interfaces? The Pix only pings its failover mate on the same interface. outside to outside. inside to inside. etc.

New Member

Re: Deny protocol 105

Yes - both outside interfaces. Primary is rejecting secondary.

306
Views
0
Helpful
2
Replies