Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
0
Helpful
1
Replies

CE560 and PIX

admin_2
Level 3
Level 3

‎09-11-2002 11:44 AM

Has anyone had problems implementing a CE560 that sits behind a PIX? I am installing a CE560 that is speaking WCCP2 with a Catalyst 6509. All web traffic travels from the clients to the 6509, to the CE560, back to the 6509, through a PIX and on to the web (assumimg that the page was not cached). The problem I have is that the when the cache engine is used the Firewall logs increase from 10MB daily to 80MB daily. All of the PIX syslogs are Deny TCP connection due to no matching entry in the state table. All of the messages are to or from the CE560. Web traffic itself does not seem to be affected. It just causes the PIX logs to grow so large that they are unmanageable.

Thanks,

Kevin

Labels:
0 Helpful
1 Reply 1

pgolding
Level 1
Level 1

‎09-11-2002 08:23 PM

does the cache have a public to private static translation in the pix? might be better if it does.

but, the problem you see may be related to the way the pix closes sessions once a FIN packet is seen. you can alter this behavior with the pix command "sysopt connection timewait", so try adding or removing this command and see if it stops the deny messages.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card