Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

is
New Member

Pix 515E locking all traffic when unable to contact syslog server...

Has anyone heard of the Pix 515E-UR blocking all traffic passing through any interface when unable to contact the specified syslog server in the config? Right now I have the syslog server for the pix on my machine (which gets restarted every-so-often, especially when I'm not around). When this happens, the Pix freezes all traffic going through any of the interfaces. I can ping the Pix, can ping out to all routers on all interfaces, but can't get any hosts from one interface to be able to communicate with another host on a different interface.

I'd like to have the syslog reporting as a feature, not a requirement as I don't have a permanent reliable syslog server in place as of yet. Is there a way that I can tell the Pix to follow the access-lists configured and not just block everyone when it can't contact my machine (ie. my machine's down)?

Thanks in advance for your help!

  • Other Security Subjects
2 REPLIES
Cisco Employee

Re: Pix 515E locking all traffic when unable to contact syslog s

Yes, this is expected behaviour if you're doing TCP syslogging. The theory behind it is that it your syslogging is so important that you are using TCP as the transport protocol, then if you can't log it, don't allow it through. A number of government and military types use this.

You probably have something like the following in your config:

> logging host (inside) 10.1.1.1 6/1470

The 6/1470 here is saying that you want to use TCP instead of the default UDP to send the syslog messages. Change this command and remove the 6/1470 (or whatever combination you have) and then syslogging will use UDP and the PIX will happily pass packets when the syslog server is unavailable.

New Member

Re: Pix 515E locking all traffic when unable to contact syslog s

You should change syslog protocol to UDP in PIX config . Pix will stop all traffic if syslog server stops responding (for example disk full) when TCP is used for syslogging. You propably have line in config like logging host x.x.x.x inside TCP/1468

Try just logging host x.x.x.x inside

Of course you can change it also in PDM if you prefer.

108
Views
0
Helpful
2
Replies
This widget could not be displayed.