During the day these occur every few minutes. I increased the low and high values to 500 and 600 respectively but still get the messages. We also experience periodic slow internet connections.
We have used this router in this config for over 1 year without problems, and traffic through it is very small now compared to last term. I am wondering if I should upgrade this router to a 2821 or is there something in the config I can change to improve things.
part of config:
!Upstream gateway to internet
!134.x.173.10/24 (fastethernet 0/0)
! THIS 2621 ROUTER/FIREWALL
!192.168.1.1/30 (fastethernet 0/1)
! LAYER3 3750 SWITCH routing enabled
! | vlan2 | vlan3 | vlan4
! 134.x.176.1/23 134.x.178.1/24 134.x7.179.1/24
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
boot system flash:1:aaa1328.bin
logging buffered 16000 debugging
logging console critical
aaa authentication login default local
aaa authentication enable default enable
enable secret 5 xxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxx
username xxxxxxx password 7 xxxxxxxxxxx
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
ip domain-name mae.carleton.ca
ip name-server 134.x.1.1
no ip bootp server
ip inspect max-incomplete low 500
ip inspect max-incomplete high 600
ip inspect one-minute low 500
ip inspect one-minute high 600
ip inspect dns-timeout 15
ip inspect tcp idle-time 300
ip inspect name FW-RULE udp
ip inspect name FW-RULE ftp
ip inspect name FW-RULE h323
ip inspect name FW-RULE realaudio
ip inspect name FW-RULE smtp
ip inspect name FW-RULE streamworks
ip inspect name FW-RULE vdolive
ip inspect name FW-RULE tftp
ip inspect name FW-RULE tcp
! ip inspect audit-trail
! ip inspect name FW-RULE fragment maximum 256 timeout 1
ip audit notify log
ip audit po max-events 100
ip audit smtp spam 100
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2002 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit name MY-AUDIT info action alarm
ip audit name MY-AUDIT attack action alarm drop reset
I have just been reading your case, and I'm seeing the same issues with periodic slow internet connections during the business day. After hours, when not a lot of traffic is going via this firewall router, connection to the internet seems to be fine.
I'm using a 7206 VXR IOS 12.3(16) with a G1. I'm also seeing the same %FW-4-ALERT_ON: getting aggressive in the logs.
I don't think upgrading your router to a 2811 will solve your problem.
What version of IOS are you running?
I currently have a TAC case open, but haven't come back with anything yet.
I see that others solved this by increasing the high and low values but I don't think my router has enough memory to go much higher and I can add any more memory. That's why I thought a 2821 would solve it.
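One way to see which of the two `ip inspect` thresholds (max-incomplete or one-minute) is tripping before raising the limits again, as an added example that is not part of the thread: it pairs %FW-4-ALERT_ON and %FW-4-ALERT_OFF syslog messages and reports how long each aggressive-mode episode lasted. The log lines are constructed, and the fields after "getting aggressive" are an assumed message layout, so adjust the regex to match what your router actually logs.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the thread). Assumed layout:
# "count (<half-open sessions>/<max-incomplete limit>) current 1-min rate: <n>"
SAMPLE_LOG = """\
Jan 12 10:02:11.345 EST: %FW-4-ALERT_ON: getting aggressive, count (601/600) current 1-min rate: 410
Jan 12 10:02:48.120 EST: %FW-4-ALERT_OFF: calming down, count (499/500) current 1-min rate: 380
Jan 12 10:05:00.000 EST: %SYS-5-CONFIG_I: Configured from console by admin
Jan 12 10:07:30.002 EST: %FW-4-ALERT_ON: getting aggressive, count (212/600) current 1-min rate: 601
Jan 12 10:09:05.502 EST: %FW-4-ALERT_OFF: calming down, count (90/500) current 1-min rate: 499
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) \S+: "
    r"%FW-4-ALERT_(?P<state>ON|OFF): .*?count \((?P<count>\d+)/(?P<limit>\d+)\)"
    r" current 1-min rate: (?P<rate>\d+)"
)

def aggressive_episodes(log_text):
    """Pair ALERT_ON/ALERT_OFF lines into episodes with duration and likely trigger."""
    episodes, current = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f")
        count, limit, rate = int(m["count"]), int(m["limit"]), int(m["rate"])
        if m["state"] == "ON":
            # Heuristic: if the half-open count is above its limit, max-incomplete
            # tripped; otherwise the one-minute rate threshold did.
            trigger = "max-incomplete" if count > limit else "one-minute"
            current = {"start": ts, "trigger": trigger, "count": count, "rate": rate}
        elif current is not None:
            current["seconds"] = (ts - current.pop("start")).total_seconds()
            episodes.append(current)
            current = None
    return episodes

def trigger_totals(episodes):
    """Count episodes per trigger, to show which threshold needs attention."""
    totals = {}
    for ep in episodes:
        totals[ep["trigger"]] = totals.get(ep["trigger"], 0) + 1
    return totals

if __name__ == "__main__":
    for ep in aggressive_episodes(SAMPLE_LOG):
        print(f'{ep["trigger"]:>14}: {ep["seconds"]:.1f}s count={ep["count"]} rate={ep["rate"]}')
```

Frequent short episodes attributed to one threshold point at that setting (or at a host generating many half-open sessions) rather than at router capacity in general.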