Strange PIX behavior

Discussion in 'Cisco' started by centaury_utopian@yahoo.com, Oct 12, 2006.

  1. Guest

    Hi,
    I recently saw a strange behavior on my PIX v 6.2.(4).

    We get hundreds of the following message in the space of a few seconds:

    %PIX-6-106015: Deny TCP (no connection) from <inside address>/25 to <a
    mail client on the Internet>/4739 flags ACK on interface inside


    The problem totally swamped our internet connection, and rebooting our
    mail server did not help. Finally we rebooted the PIX and it went fine
    and never happened since.

    Has anyone seen this behavior? I'm wondering if there is a known PIX
    bug associated with this?
    , Oct 12, 2006
    #1
    1. Advertising

  2. %PIX-6-106015: Deny TCP (no connection) from IP_address/port to
    IP_address/port flags tcp_flags on interface interface_name.

    This message is logged when the firewall discards a TCP packet that has
    no associated connection in the firewall unit's connection table.

    The firewall looks for a SYN flag in the packet, which indicates a
    request to establish a new connection.

    If the SYN flag is not set, and there is not an existing connection,
    the firewall discards the packet.

    --------------------------------

    Cisco Recommended Action: None required unless the firewall receives a
    large volume of these invalid TCP packets.

    If this is the case, trace the packets to the source and determine the
    reason these packets were sent.

    Release Notes for the Cisco Secure PIX Firewall Version 5.1(1)

    http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a008057c979.html

    Hope this helps.

    Brad Reese
    BradReese.Com - Cisco Jobs
    http://www.bradreese.com/hot-jobs.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco CraigsList Jobs
    http://www.bradreese.com/craigslist-networking-jobs.htm
    www.BradReese.Com, Oct 12, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thomas
    Replies:
    5
    Views:
    534
    RalphOcean
    Jun 28, 2005
  2. Jim
    Replies:
    5
    Views:
    830
  3. =?Utf-8?B?cmFkbWFu?=

    some strange behavior after SP2

    =?Utf-8?B?cmFkbWFu?=, Oct 5, 2004, in forum: Microsoft Certification
    Replies:
    2
    Views:
    596
    Guest
    Oct 8, 2004
  4. Carsten Ranfeld

    c7304 and c2924xl - strange behavior

    Carsten Ranfeld, Jul 30, 2004, in forum: Cisco
    Replies:
    3
    Views:
    687
  5. rcordeiro

    cisco836 strange behavior

    rcordeiro, Aug 24, 2004, in forum: Cisco
    Replies:
    4
    Views:
    538
Loading...

Share This Page