Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Netmeting through VPN-PIX6.2

Hi,

i am running a vpn ( IPSEC - DES ) between two PIX 515 - 6.2 ( 1 ) , and i

run a Microsoft Netmeeting session between two PCs through the tunnel.

Everything seems to work fine , the chat , the video , the sound (even though there is some lag in the video but i suppose that it is caused by

the encryption ,the two PIX outside interface are on the same subnet) , but i get this ciritical log message about every 15 sec.

"Facility: LOCAL4 Priority: CRITICAL

Message: %PIX-2-106012: Deny IP from x.x.125.191 to y.y.0.131, IP options: "0x14""

Cisco documentation says;

%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex.

Explanation This is a connection-related message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.

Action A security breach was probably attempted. Check the local site for loose source or strict source routing.

What can i do to get rid of this error ? Is it a bug of 6.2 or do i have some configuration optimisation to do ?

I run

fixup protocol h323 ras 1718-1719

fixup protocol h323 h225 1720

thanks

Michel Caissie

1 REPLY
New Member

Re: Netmeting through VPN-PIX6.2

It’s probably just a packet being sent with the IP options field set. Since the packet is discarded, I suspect your application (netmeeting) resends the packet without the option bit set. Probably nothing to worry about if you’re not having problems.

99
Views
0
Helpful
1
Replies