
Problem with PIX and strange syslog messages.

jc.reynes
Level 1

Hello,

I just updated to PIX 6.0.1 on a PIX 515UR (6 interfaces) and now I receive messages like this:

106011: No routing to arrival interface.

I checked the configuration and I don't understand these messages... I have read tons of documentation about this event on cisco.com, but I can't find any solution.

All the functionality is correct (filtering, routing, VPN, ...) except this message.

Thank you for your help.

Regards.

1 Reply

rsivanandan
Level 1

Hi, this is the output of the error decoder. Hope this addresses your problem.

####################################################

1. %PIX-7-106011: Deny inbound (No xlate) chars

This is a connection-related message. This message occurs when a packet is sent to the same interface that it arrived on. This usually indicates that a security breach is occurring. When the PIX Firewall receives a packet, it tries to establish a translation slot based on the security policy you set with the global and conduit commands, and your routing policy set with the route command.

Failing both policies, PIX Firewall allows the packet to flow from the higher priority network to a lower priority network, if it is consistent with the security policy. If a packet comes from a lower priority network and the security policy does not allow it, PIX Firewall routes the packet back to the same interface.

To provide access from an interface with a higher security to a lower security, use the nat and global commands. For example, use the nat command to let inside users access outside servers, to let inside users access perimeter servers, and to let perimeter users access outside servers.

To provide access from an interface with a lower security to higher security, use the static and conduit commands. For example, use the static and conduit commands to let outside users access inside servers, outside users access perimeter servers, or perimeter servers access inside servers.

Recommended Action: Fix your configuration to reflect your security policy for handling these attack events.
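To see which flows are actually producing 106011 before changing nat/global or static/conduit rules, the syslog can be tallied per interface and address pair; the script below is an added example, not part of the original thread or of Cisco's decoder output. It assumes the detail text after "(No xlate)" (shown above only as "chars") has the form `proto src if:ip/port dst if:ip/port`; the sample log lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Assumed detail layout after "(No xlate)" (the page shows it only as "chars"):
#   <proto> src <ifname>:<ip>[/<port>] dst <ifname>:<ip>[/<port>]
PATTERN = re.compile(
    r"%PIX-\d-106011: Deny inbound \(No xlate\) "
    r"(?P<proto>\S+) src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)(?:/(?P<dport>\d+))?"
)

def parse_106011(line):
    """Return the fields of a 106011 line as a dict, or None if it does not match."""
    m = PATTERN.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count 106011 events per (arrival interface, src, dst, proto, dst port).

    Lines that mention 106011 but lack the assumed detail (for example the
    short form quoted in the question) are counted as unparsed, not dropped.
    """
    flows, unparsed = Counter(), 0
    for line in lines:
        if "106011:" not in line:
            continue
        ev = parse_106011(line)
        if ev is None:
            unparsed += 1
            continue
        flows[(ev["sif"], ev["sip"], ev["dip"], ev["proto"], ev["dport"])] += 1
    return flows, unparsed

# Constructed sample input (documentation address ranges, hypothetical host "pix").
SAMPLE_LOG = [
    "Mar 01 10:00:01 pix %PIX-7-106011: Deny inbound (No xlate) udp src dmz1:192.0.2.20/1025 dst dmz1:198.51.100.5/53",
    "Mar 01 10:00:06 pix %PIX-7-106011: Deny inbound (No xlate) udp src dmz1:192.0.2.20/1025 dst dmz1:198.51.100.5/53",
    "Mar 01 10:00:09 pix %PIX-7-106011: Deny inbound (No xlate) icmp src outside:203.0.113.9 dst outside:192.0.2.1",
    "Mar 01 10:00:11 pix 106011: No routing to arrival interface.",
    "Mar 01 10:00:12 pix some unrelated message",
]

if __name__ == "__main__":
    flows, unparsed = summarize(SAMPLE_LOG)
    for (sif, sip, dip, proto, dport), n in flows.most_common():
        print(f"{n:4d}  {sif:8s} {sip} -> {dip} {proto}/{dport or '-'}")
    print(f"unparsed 106011 lines: {unparsed}")
```

A single internal source repeating on one interface usually points at a missing nat/global or static/conduit entry or a routing gap for that host, while many unrelated external sources is the pattern to compare against the security policy.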
