Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
833
Views
0
Helpful
2
Replies

Pix 515E locking all traffic when unable to contact syslog server...

OVHD IS Dept.
Level 1
Level 1

‎10-28-2002 04:00 PM - edited ‎02-20-2020 10:20 PM

Has anyone heard of the Pix 515E-UR blocking all traffic passing through any interface when unable to contact the specified syslog server in the config? Right now I have the syslog server for the pix on my machine (which gets restarted every-so-often, especially when I'm not around). When this happens, the Pix freezes all traffic going through any of the interfaces. I can ping the Pix, can ping out to all routers on all interfaces, but can't get any hosts from one interface to be able to communicate with another host on a different interface.

I'd like to have the syslog reporting as a feature, not a requirement as I don't have a permanent reliable syslog server in place as of yet. Is there a way that I can tell the Pix to follow the access-lists configured and not just block everyone when it can't contact my machine (ie. my machine's down)?

Thanks in advance for your help!

0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎10-28-2002 04:59 PM

Yes, this is expected behaviour if you're doing TCP syslogging. The theory behind it is that it your syslogging is so important that you are using TCP as the transport protocol, then if you can't log it, don't allow it through. A number of government and military types use this.

You probably have something like the following in your config:

> logging host (inside) 10.1.1.1 6/1470

The 6/1470 here is saying that you want to use TCP instead of the default UDP to send the syslog messages. Change this command and remove the 6/1470 (or whatever combination you have) and then syslogging will use UDP and the PIX will happily pass packets when the syslog server is unavailable.

0 Helpful

atjniemi
Level 1
Level 1

‎11-01-2002 01:39 PM

You should change syslog protocol to UDP in PIX config . Pix will stop all traffic if syslog server stops responding (for example disk full) when TCP is used for syslogging. You propably have line in config like logging host x.x.x.x inside TCP/1468

Try just logging host x.x.x.x inside

Of course you can change it also in PDM if you prefer.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card