Are you using TCP logging? Do a "write t", and look for the "logging host" line. If it says tcp, then whenever the PIX cannot log to the logging server, it will block connections. What are you using as a syslog server? Doing standards-based UDP logging does not have this "feature".
On any version of the PIX, if you choose to log via TCP and the syslog server is not reachable from the PIX for any reason, your PIX will stop passing traffic. With Kiwi, choose to use UDP and you will be fine. I have had a PIX logging to a Kiwi server (desktop running 2000 Server) for at least a year now with no issues.
Same issue. I was going to post this exact same thing and then found this thread. I am using a PIX 515 and software v5.1(2). I have tried using a command like "logging host dmz 10.x.x.x" which should use the default of udp/514, and I too get this blocking behavior. I am using PFSS as the syslog server.
The first time I tried to turn on logging it was with TCP and a level of "debugging": a bad idea, which brought the PIX down. The second time, I removed the existing "logging host" command and entered a new one using the default protocol and port (i.e. I did not specify any protocol/port, so it should have defaulted to udp/514) and tried "logging trap informational". I got about 15 log messages (progress, at least!) before I tried a ping through the PIX and it again shut down, blocking out all traffic. Both times someone had to telnet from inside and reload it.
Is it possible that when I don't specify the protocol and port, it is actually defaulting to TCP? When I do "show logging" it does not say.
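The check suggested in the first reply (find the "logging host" line in the "write t" output and see whether it says tcp), written as an added example that is not part of the original thread: it scans saved configuration text and flags syslog hosts that use TCP. The sample config, its addresses and port 1470 are constructed, and accepting a numeric protocol (6 or 17) in place of tcp or udp is an assumption.

```python
import re

# Shape taken from the thread: logging host [interface] <ip> [protocol/port]
# Assumption: the protocol may be printed as a name (tcp/udp) or number (6/17).
LOGGING_HOST = re.compile(
    r"^\s*logging host\s+(?:(?P<ifname>[A-Za-z]\S*)\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+(?P<proto>[A-Za-z]+|\d+)/(?P<port>\d+))?\s*$"
)
PROTOCOLS = {"tcp": "tcp", "6": "tcp", "udp": "udp", "17": "udp"}


def audit_logging_hosts(config_text):
    """Return one finding per 'logging host' line in a saved config."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LOGGING_HOST.match(line)
        if m is None:
            continue
        if m.group("proto") is None:
            # No protocol/port given: the thread expects the udp/514 default.
            transport, port, explicit = "udp", 514, False
        else:
            transport = PROTOCOLS.get(m.group("proto").lower(), "unknown")
            port, explicit = int(m.group("port")), True
        findings.append({
            "line": lineno,
            "interface": m.group("ifname"),
            "host": m.group("ip"),
            "transport": transport,
            "port": port,
            "explicit": explicit,
            # Per the thread, TCP logging blocks traffic if the server is unreachable.
            "blocks_if_server_down": transport == "tcp",
        })
    return findings


# Constructed sample config (addresses and ports are made up for the example).
SAMPLE_CONFIG = """\
logging on
logging trap informational
logging host dmz 192.0.2.10
logging host inside 192.0.2.20 tcp/1470
logging host inside 192.0.2.30 17/514
"""

if __name__ == "__main__":
    for f in audit_logging_hosts(SAMPLE_CONFIG):
        flag = "REVIEW: tcp" if f["blocks_if_server_down"] else "ok"
        print(f"line {f['line']}: {f['host']} {f['transport']}/{f['port']} {flag}")
```

A line with no protocol is reported with `explicit` set to false, so a default that has not been confirmed on the device can be told apart from a transport that was configured on purpose.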