Cisco Support Community

New Member

Major Syslog congestion on PIX Firewall

I keep getting syslog messages like this:

Dec 12 2005 11:18:22: %PIX-4-106023: Deny tcp src outside:70.245.59.93/80 dst inside:67.67.242.130/23443 by access-group "CSM-acl-outside

And LOTS of them. From a bunch of different IP addresses. I really can't pin down the problem. Anyone have any ideas?

Thanks.

Sonny

7 REPLIES

Re: Major Syslog congestion on PIX Firewall

Hi

This is an informative message indicative of access attempts from the outside IP address.

It will be there though you haven't enabled any log for the same.

Regards

New Member

Re: Major Syslog congestion on PIX Firewall

Looks like replies from web requests where the stateful session has timed out, so the outside access list drops it.

Did you do anything immediately prior to these messages?

If you issued a 'clear xlate' just before it would have the same effect.

New Member

Re: Major Syslog congestion on PIX Firewall

Cisco TAC says it is this:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee27834&Submit=Search

Just thought I'd let you know. Thanks.

Sonny

New Member

Re: Major Syslog congestion on PIX Firewall

I had the same problem.

This is happening because the outgoing connections to some web servers are being closed by the client.

After that, when some packets that were traveling before the outside web server received the TCP reset arrive at the PIX, the PIX logs error 106023.

The TAC link previously posted is exactly what is happening. I am just posting this comment to better understand when it happens.

I have a TAC case related to the same problem, and I hope Cisco reconsiders this bug for 7.x versions too, and fixes it soon.
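
A triage sketch for the pattern described in this thread (an added example, not code from any poster or from Cisco): it parses %PIX-4-106023 lines and separates denies that look like late replies from web servers (outside source port 80/443 to a high inside port) from other denies. The port thresholds and every sample line except the one quoted in the original post are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the %PIX-4-106023 layout shown in the original post. The closing
# quote of the ACL name is optional because the quoted line is cut off there.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"\s]+)'
)
WEB_PORTS = {80, 443}   # assumption: server ports that mark reply traffic
EPHEMERAL_MIN = 1024    # assumption: client-side ports are at or above this

def classify(line):
    """Return (label, fields) for a 106023 line, or None for anything else."""
    m = DENY_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    sport, dport = int(f["src_port"]), int(f["dst_port"])
    late = (f["proto"] == "tcp" and f["src_if"] == "outside"
            and sport in WEB_PORTS and dport >= EPHEMERAL_MIN)
    return ("late_web_reply" if late else "other_deny"), f

def summarize(lines):
    """Count denies per label and per (label, outside source IP)."""
    labels, sources = Counter(), Counter()
    for line in lines:
        result = classify(line)
        if result:
            label, f = result
            labels[label] += 1
            sources[(label, f["src_ip"])] += 1
    return labels, sources

# Constructed sample input; only the first line is taken from the thread.
SAMPLE = [
    'Dec 12 2005 11:18:22: %PIX-4-106023: Deny tcp src outside:70.245.59.93/80 '
    'dst inside:67.67.242.130/23443 by access-group "CSM-acl-outside',
    'Dec 12 2005 11:18:23: %PIX-4-106023: Deny tcp src outside:192.0.2.10/80 '
    'dst inside:67.67.242.130/23501 by access-group "CSM-acl-outside"',
    'Dec 12 2005 11:18:24: %PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 '
    'dst inside:67.67.242.130/23 by access-group "CSM-acl-outside"',
    'Dec 12 2005 11:18:25: %PIX-6-302013: Built outbound TCP connection',
]

if __name__ == "__main__":
    labels, sources = summarize(SAMPLE)
    print(dict(labels))
    print(sources.most_common(5))
```

A log dominated by `late_web_reply` entries spread across many outside addresses matches the behaviour described in the replies above; a large `other_deny` share is worth reviewing separately.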

New Member

Re: Major Syslog congestion on PIX Firewall

I am receiving the 106023 msgs on a PIX525 7.0.4 box.

Are there any resolutions or workarounds to stop this behavior?

thanks, chuck

New Member

Re: Major Syslog congestion on PIX Firewall

I am having the same symptoms here; however, I think in my case it is related to Websense web filtering...

I am using Websense in standalone mode, so the client actually sends the request directly to the web server, and Websense only interferes when a rule is met (sends a reset to the web server).

New Member

Re: Major Syslog congestion on PIX Firewall

I would guess that on your PIX you have an ACL for CSM-acl-outside. The PIX is doing its job blocking unwanted traffic. I will take a random guess that you're using a CSM module of some sort? Is the above ACL on an interface that's WWW-facing?
