02-19-2004 09:45 AM - edited 02-20-2020 11:15 PM
On our network we have two PIX-520 in failover configuration.
Today, for the first time in five years, the active PIX started
generating thousands (almost a million in 15min) of messages:
%PIX-3-211001: Memory allocation Error
The failover PIX didn't switch to active, so the traffic
stopped flowing through the firewall.
A power down/up of the active PIX resolved the problem.
Is it a symptom of a hardware memory failure or an
effect of some hacker attack?
Has anybody recently experienced a similar problem?
Thank you,
Alessandro Asson
___________________________________________________________________
CINECA - Via Magnanelli, 6/3 I-40033 Casalecchio di Reno (BO) Italy
e-mail: a.asson@cineca.it tel +39 051 6171411 fax: +39 051 6132198
02-19-2004 01:37 PM
Hi,
Can't say whether it is an attack or a hardware issue at the moment. You need to provide the following:
show conn count
show xlat count
show version
Thanks
Nadeem
02-20-2004 02:34 AM
Hi,
Here is the show xx commands output, taken now, not when the problem was present (at that time the PIX
was not accessible).
Thank you,
Alessandro Asson
---
pixfirewall# sh conn count
3599 in use, 9146 most used
---
pixfirewall# sh xlat count
2793 in use, 2794 most used
---
pixfirewall# sh ver
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 2.1(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
pixfirewall up 30 days 17 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 00d0.b785.4722, irq 11
1: ethernet1: address is 00d0.b785.4649, irq 10
2: ethernet2: address is 00e0.b601.090e, irq 15
3: ethernet3: address is 00e0.b601.090d, irq 9
4: ethernet4: address is 00e0.b601.090c, irq 11
5: ethernet5: address is 00e0.b601.090b, irq 10
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 18030673 (0x1132051)
Running Activation Key: 0xe21920a6 0xeac8139b 0x4b3172af 0xb9e4be7c
Configuration last modified by enable_15 at 11:26:10.538 MET Fri Feb 20 2004
02-20-2004 12:16 PM
This output seems to be normal. We would need the same output at the time of the problem.