New Member

Why are there so many Deny messages in the log?

Hi,

I have a strange thing in the PIX 515 log:

[root@gudang /locked/pix]# tail -f pix-a.log | grep Deny

Nov 2 10:33:16 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48905 flags FIN PSH ACK on interface outside

Nov 2 10:33:17 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48903 flags FIN PSH ACK on interface outside

Nov 2 10:33:17 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48904 flags RST on interface dmz

Nov 2 10:33:17 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48904 flags RST on interface dmz

Nov 2 10:33:18 pix %PIX-6-106015: Deny TCP (no connection) from 202.159.32.92/25 to 10.32.10.11/48779 flags FIN PSH ACK on interface outside

Nov 2 10:33:19 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48905 flags FIN PSH ACK on interface outside

Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.112.38/113 to 10.32.10.10/56720 flags FIN PSH ACK on interface outside

Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48906 flags ACK on interface outside

Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48906 flags FIN ACK on interface outside

Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48895 flags FIN PSH ACK on interface outside

Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48904 flags FIN PSH ACK on interface outside

Nov 2 10:33:21 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48899 flags FIN PSH ACK on interface outside

Nov 2 10:33:21 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48906 flags FIN PSH ACK on interface outside

Nov 2 10:33:24 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48906 flags FIN PSH ACK on interface outside

Nov 2 10:33:25 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48905 flags FIN PSH ACK on interface outside

Nov 2 10:33:25 pix %PIX-6-106015: Deny TCP (no connection) from 212.236.211.10/25 to 10.32.10.11/48889 flags FIN PSH ACK on interface outside

Nov 2 10:33:26 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48907 flags ACK on interface outside

Nov 2 10:33:26 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48907 flags FIN ACK on interface outside

Nov 2 10:33:27 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48907 flags FIN PSH ACK on interface outside

Nov 2 10:33:27 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48904 flags FIN PSH ACK on interface outside

Nov 2 10:33:28 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48903 flags FIN PSH ACK on interface outside

Nov 2 10:33:28 pix %PIX-6-106015: Deny TCP (no connection) from 64.110.90.126/1782 to 10.32.10.10/80 flags FIN ACK on interface outside

Can you help me with this?

1 REPLY
Cisco Employee

Re: Why are there so many Deny messages in the log?

It looks like the PIX is denying the traffic due to the incomplete TCP handshakes.

If you have something specific in mind from this log, please let me know.

In that case, please submit your configuration also.

Thanks,

Matt
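
A triage aid for the log above, added here as an example and not part of the original thread or any Cisco tool: it parses the %PIX-6-106015 lines and counts them per source, service port, direction and flag set, so repeated teardown packets from one server stand out. The function names and the "port below 1024 is the server side" rule are assumptions of this example; the sample lines are copied from the question.

```python
import re
from collections import Counter

# Field layout of the %PIX-6-106015 lines exactly as they appear in the post.
PAT = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)")

def parse(line):
    """Return the fields of a 106015 line as a dict, or None for other lines."""
    m = PAT.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def direction(rec):
    """Assumption of this example: a port below 1024 is the server side."""
    if rec["sport"] < 1024 <= rec["dport"]:
        return "reply-from-server"   # e.g. a mail server answering a local client
    if rec["dport"] < 1024 <= rec["sport"]:
        return "client-to-server"
    return "unknown"

def summarize(lines):
    """Count denies per (source IP, service port, direction, flag set)."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        d = direction(rec)
        svc = rec["sport"] if d == "reply-from-server" else rec["dport"]
        counts[(rec["src"], svc, d, "+".join(sorted(rec["flags"])))] += 1
    return counts

# Sample input: five lines copied from the log in the question.
SAMPLE = [
    "Nov 2 10:33:16 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48905 flags FIN PSH ACK on interface outside",
    "Nov 2 10:33:17 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48904 flags RST on interface dmz",
    "Nov 2 10:33:19 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.15.21/25 to 10.32.10.11/48905 flags FIN PSH ACK on interface outside",
    "Nov 2 10:33:20 pix %PIX-6-106015: Deny TCP (no connection) from 202.155.112.38/113 to 10.32.10.10/56720 flags FIN PSH ACK on interface outside",
    "Nov 2 10:33:28 pix %PIX-6-106015: Deny TCP (no connection) from 64.110.90.126/1782 to 10.32.10.10/80 flags FIN ACK on interface outside",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

On the sample, no denied packet carries SYN and most come from remote port 25 toward high ports on 10.32.10.11, which is consistent with late FIN/RST packets for SMTP sessions the PIX no longer has in its connection table.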
