Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1216
Views
0
Helpful
3
Replies

Pix 501 oddity

nicholash101
Level 1
Level 1

‎11-29-2006 05:21 AM - edited ‎03-11-2019 02:02 AM

Two weeks ago I deployed a Pix 501 with OS 6.3(1) to one of our remote sites. It ran great until last Friday when it would suddenly stop working every 16 minutes and 20 seconds.

Yesterday the firewall was exhibiting the same behavior so I upgraded the OS to 6.3(4) and the PDM to 3.0(3).

The problem continued.

I setup a syslog server on one of the workstations and configured logging for everything to level 7.

After this change was made, the firewall was quite happy.

No logging was configured on the firewall prior to yesterday.

Has anyone else seen this happen and if so, what did you do to resolve the issue?

I'm all for logging firewall activity but it seems quite odd to me that a perfectly good firewall would suddenly stop working until logging was configured on it.

Thank you.

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎11-29-2006 04:51 PM

Is the syslog enabled only in PIX, or you have external syslog server to keep those log messages?

0 Helpful

nicholash101
Level 1
Level 1
In response to a.kiprawih

‎12-03-2006 05:39 AM

The logging on the Pix is configured to use an external syslog server.

Prior to setting up the logging, no logging was enabled on the firewall.

I had anohter 501 do this same type of thing in another remote office but never setup syslogging and after a week or two it just stopped doing this.

0 Helpful

a.kiprawih
Level 7
Level 7
In response to nicholash101

‎12-03-2006 05:51 AM

Strange, but beside unreachable/intermittent communication with syslog, it MAY be due to other things. You need to really test it. For example, do not enable external syslog server, but log it to internal buffer (#logging buffer debugging)

But before that, test whether your syslog server is receiving and can handle all logs (up to level 7 @ debugging). The reason is, it may not be able to handle too many syslog entries that causing it to hang, and subsequently affecting your ASA. LIke PIX, if syslog server is unreachable (due to whatever reasons), the Firewall will hang due to too many log queue pending and unable to be sent to external syslog server.

Like I said, this may be one of many possible reasons. Test it will internal syslog, and see if the box keep rebooting like every 16 minutes and 20 seconds.

HTH

AK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card