When the PIX logs to a syslog server but that server is down, the router continuously sends ICMP "host unreachable" messages. This scenario overloads the corporate network even though every device is acting properly. Does anyone have any suggestions on what to do if a syslog server goes down, so the entire network is not affected? Thanks.
This is a common issue where the PIX is also configured for IDS signatures, and it gets in a loop sending and receiving syslog messages. Basically it tries to send a syslog to the unavailable syslog server for every message it receives. It receives the ICMP host unreachable, which fires off IDS signature 2001, which it then also tries to log to the syslog server, for which it receives another ICMP unreachable, which it tries to log again, and so on and so on. It's relatively easy in this situation to spike the CPU on the PIX so high that it goes crazy trying to log all those messages.
The easy workaround is just not to log those particular types of syslog messages, or turn off that IDS signature. One of the following two commands should do the trick for you:
ip audit signature 2001 disable
no logging message 400011
If this isn't your problem, then you need to give us more information about exactly what "overloading the corporate network" means.
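The feedback loop described in the answer above, as an added illustration that is not part of the original thread or of any Cisco code: a small Python model of the PIX logging path with the two knobs the answer names, IDS signature 2001 and syslog message 400011. The class, the `budget` cap that keeps the model finite, and the stand-in "ordinary" message ID 106100 are assumptions made for the example; the only facts taken from the post are that an ICMP unreachable from the dead syslog host fires signature 2001, and that the signature is itself logged as message 400011 to the same server.

```python
"""Model of the PIX syslog/IDS feedback loop (added example, not PIX code).

One ordinary syslog event is injected; the model then follows what the post
describes: each datagram sent to a dead syslog server draws an ICMP host
unreachable, which (if IDS signature 2001 is enabled) produces syslog
message 400011, which is sent to the same dead server, and so on.
"""
from collections import deque
from dataclasses import dataclass, field

IDS_SIG_ICMP_UNREACHABLE = 2001   # 'ip audit signature 2001 disable' turns this off
SYSLOG_ID_IDS_2001 = 400011       # 'no logging message 400011' suppresses this
ORDINARY_MESSAGE_ID = 106100      # assumption: stands in for any normal log line


@dataclass
class PixLogger:
    """Minimal stand-in for the PIX logging subsystem (assumed structure)."""
    syslog_server_up: bool
    ids_2001_enabled: bool = True
    suppressed_syslog_ids: set = field(default_factory=set)
    sent: list = field(default_factory=list)   # datagrams that left the box

    def emit(self, syslog_id: int, text: str, budget: int = 1000) -> int:
        """Log one event and follow its consequences.

        Returns the number of syslog datagrams that result from this single
        event: 1 when the system is healthy, growing until `budget` (the
        model's stand-in for "unbounded") when the loop exists.
        """
        queue = deque([(syslog_id, text)])
        count = 0
        while queue and count < budget:
            sid, msg = queue.popleft()
            if sid in self.suppressed_syslog_ids:
                # 'no logging message <id>': dropped before it is transmitted,
                # so it can never draw an ICMP reply.
                continue
            self.sent.append((sid, msg))
            count += 1
            if self.syslog_server_up:
                continue   # a live server just accepts the datagram
            # Dead host: the network answers with ICMP host unreachable.
            # With signature 2001 enabled that packet is an IDS event,
            # and the IDS event is logged as 400011 to the same server.
            if self.ids_2001_enabled:
                queue.append((SYSLOG_ID_IDS_2001,
                              "IDS:2001 ICMP unreachable from syslog host"))
        return count


def messages_per_event(server_up: bool, ids_2001_enabled: bool,
                       suppress_400011: bool, budget: int = 1000) -> int:
    """Datagrams generated by one ordinary log event under a given config."""
    pix = PixLogger(
        syslog_server_up=server_up,
        ids_2001_enabled=ids_2001_enabled,
        suppressed_syslog_ids={SYSLOG_ID_IDS_2001} if suppress_400011 else set(),
    )
    return pix.emit(ORDINARY_MESSAGE_ID, "access-list permitted (constructed sample)",
                    budget)


if __name__ == "__main__":
    cases = [
        ("server up, defaults",                      True,  True,  False),
        ("server down, defaults (the loop)",         False, True,  False),
        ("server down, ip audit signature 2001 disable", False, False, False),
        ("server down, no logging message 400011",   False, True,  True),
    ]
    for label, up, ids, suppress in cases:
        print(f"{label:48s} -> {messages_per_event(up, ids, suppress)} datagram(s)")
```

Either fix breaks the loop at a different point: disabling signature 2001 stops the ICMP reply from becoming an event at all, while suppressing 400011 lets the event fire but keeps it off the wire. Both leave the one original datagram per event, which is the behaviour a healthy PIX shows when the server is reachable.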
That is exactly our problem. We only stumbled across this problem when I was trying Kiwi Syslog on my laptop. I guess there is no way to have the messages disabled/turned off ONLY when this problem occurs? Or, if the address for the syslog server is not available, don't send logs? Anything like this?
I didn't get any reply to my previous message about the URL link, so here is my question: if the logging commands given below did not specify any syslog server, will enabling IDS still impact the PIX performance?