
PIX 515e, Syslog errors from MSN (I think)

Status
Not open for further replies.
Feb 20, 2002
265
GB
Hi

I get this error (the high port changes, and sometimes the destination IP address) in my syslog. I get about 2 or 3 a minute sometimes. What is the problem? I am allowing TCP port 80 from 192.168.101.11, so I guess the error (it reports it as critical) is the first hit part?? How do I stop/fix it??


Dec 31 2003 15:42:26: %PIX-2-106100: access-list inside_access_in permitted tcp inside/192.168.101.11(42866) -> outside/212.23.32.5(80) hit-cnt 1 (first hit)


Thanks
 
Thanks for the information.

Thing is, it should only log critical or greater, so I don't understand why it is informing me of the match (or why it classes it as critical).

It is set up like this:

access-list inside_access_in permit tcp host 192.168.101.11 any object-group HTTP_Services log 2

??
 
Error Message %PIX-n-106100: access-list acl_ID {permitted | denied | est-allowed} protocol interface_name/source_address(source_port) -> interface_name/dest_address(dest_port) hit-cnt number ({first hit | number-second interval})

Explanation This message reports when packets match an ACL statement, if you configured the log option for the access-list command. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrence or the total number of occurrences during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level. See the following descriptions:

{permitted | denied | est-allowed}—These values specify if the packet was permitted or denied by the ACL. If the value is est-allowed, then the packet was denied by the ACL, but the packet was allowed for an already established session (for example, an internal user is allowed to access the Internet, and responding packets are allowed back).
protocol—tcp, udp, icmp, or an IP protocol number.
interface_name—The interface name for the source or destination of the logged flow. The VLAN interfaces are supported.
source_address—The source IP address of the logged flow.
dest_address—The destination IP address of the logged flow.
source_port—The source port of the logged flow (TCP or UDP). For ICMP, this field is 0.
dest_port—The destination port of the logged flow (TCP or UDP). For ICMP, this field is icmp-type.
hit-cnt number—The number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1, however, when the firewall generates the first syslog message for this flow.
first hit—The first message generated for this flow.
number-second interval—The interval in which the hit count is accumulated. Set this interval using the access-list command interval option.
Recommended Action None required.
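
The message format quoted above can be parsed to show which ACLs log at which syslog level. The following is an added example, not part of the original thread or of Cisco's documentation: the first sample line is the one posted in the thread, the second is constructed, and the ACL name outside_access_in and the function names are assumptions.

```python
import re

# Standard syslog severity names; the thread's "log 2" maps to critical.
SEVERITY = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
            4: "warning", 5: "notification", 6: "informational", 7: "debugging"}

# Field layout follows the 106100 format quoted in the thread.
MSG_106100 = re.compile(
    r"%PIX-(?P<level>[0-7])-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>[^)]+)\)\s*->\s*"
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>[^)]+)\) "
    r"hit-cnt (?P<hits>\d+) \((?:first hit|(?P<interval>\d+)-second interval)\)"
)

def parse_106100(line):
    """Return the fields of one 106100 message as a dict, or None if no match."""
    m = MSG_106100.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["level"] = int(rec["level"])
    rec["severity"] = SEVERITY[rec["level"]]
    rec["hits"] = int(rec["hits"])
    # No interval in the parentheses means this is the "first hit" message.
    rec["first_hit"] = rec["interval"] is None
    rec["interval"] = None if rec["first_hit"] else int(rec["interval"])
    return rec

def acl_log_levels(lines):
    """Map each ACL name to the set of syslog levels its entries log at."""
    levels = {}
    for line in lines:
        rec = parse_106100(line)
        if rec:
            levels.setdefault(rec["acl"], set()).add(rec["level"])
    return levels

SAMPLE = [
    # Line posted in the thread (ACL entry configured with "log 2").
    "Dec 31 2003 15:42:26: %PIX-2-106100: access-list inside_access_in permitted tcp "
    "inside/192.168.101.11(42866) -> outside/212.23.32.5(80) hit-cnt 1 (first hit)",
    # Constructed line: default level 6, hit count accumulated over an interval.
    "Dec 31 2003 15:47:26: %PIX-6-106100: access-list outside_access_in denied udp "
    "outside/198.51.100.7(53124) -> inside/192.0.2.10(161) hit-cnt 5 (300-second interval)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_106100(entry))
    print(acl_log_levels(SAMPLE))
```

The severity reported for the thread's line comes from the level set on the ACL entry, which is why a permitted flow appears as critical.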

 